diff --git a/deploy/args.json b/deploy/args.json index 30a369dbf1..9670108acf 100644 --- a/deploy/args.json +++ b/deploy/args.json @@ -1,9 +1,11 @@ { "tags": { - "fastgpt": "v4.14.9.5", - "fastgpt-sandbox": "v4.14.9.5", - "fastgpt-mcp_server": "v4.14.9", - "fastgpt-plugin": "v0.5.5", + "fastgpt": "v4.14.10", + "fastgpt-code-sandbox": "v4.14.10", + "fastgpt-mcp_server": "v4.14.10", + "fastgpt-plugin": "v0.5.6", + "volume-manager": "v0.0.2", + "agent-sandbox-image": "v0.0.2", "aiproxy": "v0.3.5", "aiproxy-pg": "0.8.0-pg15", "mongo": "5.0.32", @@ -14,17 +16,16 @@ "milvus-etcd": "v3.5.5", "milvus-standalone": "v2.4.3", "oceanbase": "4.3.5-lts", - "seekdb": "1.0.1.0-100000392025122619", - "opensandbox-server": "v0.1.7", - "opensandbox-execd": "v1.0.7", - "opensandbox-egress": "v1.0.1" + "seekdb": "1.0.1.0-100000392025122619" }, "images": { "cn": { "fastgpt": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt", "fastgpt-plugin": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin", - "fastgpt-sandbox": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox", + "fastgpt-code-sandbox": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox", "fastgpt-mcp_server": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server", + "volume-manager": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager", + "agent-sandbox-image": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox", "aiproxy": "registry.cn-hangzhou.aliyuncs.com/labring/aiproxy", "aiproxy-pg": "registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector", "mongo": "registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo", 
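Review bot: Dropping `opensandbox-server`, `opensandbox-execd` and `opensandbox-egress` from `tags` in the second hunk leaves those versions tracked nowhere central, while the compose files later in this diff still reference them as hard-coded strings (`opensandbox-server:v0.1.9`, `execd:v1.0.6`, `egress:v1.0.1`). The execd pin there is `v1.0.6`, older than the `v1.0.7` removed here, which looks like an unintended downgrade and should be confirmed. Because the sandbox controller mounts the host Docker socket and launches these images, I would keep their tags in this file (or pin them by digest) so that a security update is applied in one place.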
@@ -35,16 +36,14 @@ "milvus-etcd": "quay.io/coreos/etcd", "milvus-standalone": "milvusdb/milvus", "oceanbase": "oceanbase/oceanbase-ce", - "seekdb": "oceanbase/seekdb", - "opensandbox-server": "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server", - "opensandbox-execd": "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd", - "opensandbox-egress": "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress" + "seekdb": "oceanbase/seekdb" }, "global": { "fastgpt": "ghcr.io/labring/fastgpt", "fastgpt-plugin": "ghcr.io/labring/fastgpt-plugin", - "fastgpt-sandbox": "ghcr.io/labring/fastgpt-sandbox", + "fastgpt-code-sandbox": "ghcr.io/labring/fastgpt-code-sandbox", "fastgpt-mcp_server": "ghcr.io/labring/fastgpt-mcp_server", + "volume-manager": "ghcr.io/labring/fastgpt-agent-volume-manager", "aiproxy": "ghcr.io/labring/aiproxy", "aiproxy-pg": "pgvector/pgvector", "mongo": "mongo", @@ -55,10 +54,7 @@ "milvus-etcd": "quay.io/coreos/etcd", "milvus-standalone": "milvusdb/milvus", "oceanbase": "oceanbase/oceanbase-ce", - "seekdb": "oceanbase/seekdb", - "opensandbox-server": "opensandbox/server", - "opensandbox-execd": "opensandbox/execd", - "opensandbox-egress": "opensandbox/egress" + "seekdb": "oceanbase/seekdb" } } } diff --git a/deploy/dev/docker-compose.cn.yml b/deploy/dev/docker-compose.cn.yml index 648c0b5230..44e95aeaa6 100644 --- a/deploy/dev/docker-compose.cn.yml +++ b/deploy/dev/docker-compose.cn.yml 
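Review bot: The `global` image map gains `volume-manager` but no `agent-sandbox-image` entry, although `tags` and the `cn` map both define one. That gap matches the `image: undefined:v0.0.2` line in `deploy/dev/docker-compose.yml` further down this diff, so the global compose output was presumably generated with the key missing. Add the entry, e.g. `"agent-sandbox-image": "<global registry path of fastgpt-agent-sandbox>",`, and have the generator fail on a missing image key instead of emitting `undefined`. An unresolved name like that would be pulled from the default registry under whatever it happens to resolve to, which is a supply-chain risk and not only a broken pull.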
@@ -5,11 +5,43 @@ # - pg: 5432 # - mongo: 27017 # - redis: 6379 -# - fastgpt-sandbox: 3002 +# - fastgpt-code-sandbox: 3002 # - fastgpt-plugin: 3003 # - aiproxy: 3010 # - 使用 pgvector 作为默认的向量库 +# plugin auth token +x-plugin-auth-token: &x-plugin-auth-token 'token' +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' +# aiproxy token +x-aiproxy-token: &x-aiproxy-token 'token' +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin + DB_MAX_LINK: 100 + REDIS_URL: redis://default:mypassword@redis:6379 + # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 +# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + services: # Vector DB pg: 
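Review bot: The shared anchors added here give every credential a guessable default (`'token'`, `'codesandbox'`, `'vmtoken'`, `minioadmin`, `mypassword`), and this file publishes the services they protect on host ports (3002, 3004 and 3005 in the next hunk). Even for a dev stack I would put a comment above the anchors such as `# dev-only defaults: change before exposing any port beyond localhost`, or bind the published ports to `127.0.0.1`. `x-plugin-auth-token` and `x-aiproxy-token` also share one value, so learning either reveals the other. The port list in the header comment is stale too: it still says `fastgpt-plugin: 3003`, while the next hunk moves the plugin to 3004 and the MCP server to 3003. The matching hunk in `deploy/dev/docker-compose.yml` has the same issues.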
@@ -134,50 +166,145 @@ services: interval: 30s timeout: 20s retries: 3 - sandbox: - container_name: sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + code-sandbox: + container_name: code-sandbox + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 ports: - 3002:3000 networks: - fastgpt restart: always + environment: + <<: [*x-log-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: false + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: ['CMD', 
'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 ports: - - 3005:3000 + - 3003:3000 networks: - fastgpt restart: always environment: - FASTGPT_ENDPOINT=http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always ports: - - 3003:3000 + - 3004:3000 networks: - fastgpt environment: - - AUTH_TOKEN=token - # @see https://fastgpt.cn/docs/self-host/config/object-storage - - STORAGE_VENDOR=minio # minio | aws-s3 | cos | oss - - STORAGE_REGION=us-east-1 - - STORAGE_ACCESS_KEY_ID=minioadmin - - STORAGE_SECRET_ACCESS_KEY=minioadmin - - STORAGE_PUBLIC_BUCKET=fastgpt-public - - STORAGE_PRIVATE_BUCKET=fastgpt-private - - STORAGE_EXTERNAL_ENDPOINT=https://minio.com # 一个公开的、前端和用户可以直接访问的对象存储连接 - - STORAGE_S3_ENDPOINT=http://fastgpt-minio:9000 # 协议://域名(IP):端口 - - STORAGE_S3_FORCE_PATH_STYLE=true - - STORAGE_S3_MAX_RETRIES=3 - - MONGODB_URI=mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin&directConnection=true - - REDIS_URL=redis://default:mypassword@redis:6379 + <<: [*x-share-db-config, *x-log-config] + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin depends_on: fastgpt-minio: condition: service_healthy + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + ports: + - 8090:8090 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + ports: + - 3005:3000 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
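Review bot: `opensandbox-server` mounts `/var/run/docker.sock` read-write and publishes `8090:8090` on every host interface, and neither the service definition nor the embedded `config.toml` shows any API authentication. Anything that can reach that port can ask the controller to create containers on the host daemon, which is equivalent to root on the host. Bind the port to loopback, `- 127.0.0.1:8090:8090`, or drop the `ports:` entry as the `deploy/docker/cn` files do, and configure an API key if the server supports one. `CHECK_INTERNAL_IP: false` on `code-sandbox` in the same hunk likewise lets user code reach private addresses, so it deserves a comment marking it dev-only. The same hunk in `deploy/dev/docker-compose.yml` has both issues.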
@@ -193,17 +320,17 @@ services: - aiproxy environment: # 对应 fastgpt 里的AIPROXY_API_TOKEN - - ADMIN_KEY=aiproxy + ADMIN_KEY: *x-aiproxy-token # 错误日志详情保存时间(小时) - - LOG_DETAIL_STORAGE_HOURS=1 + LOG_DETAIL_STORAGE_HOURS: 1 # 数据库连接地址 - - SQL_DSN=postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy + SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy # 最大重试次数 - - RETRY_TIMES=3 + RETRY_TIMES: 3 # 不需要计费 - - BILLING_ENABLED=false + BILLING_ENABLED: false # 不需要严格检测模型 - - DISABLE_MODEL_CONFIG=true + DISABLE_MODEL_CONFIG: true healthcheck: test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status'] interval: 5s @@ -230,3 +357,24 @@ services: networks: fastgpt: aiproxy: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/dev/docker-compose.yml b/deploy/dev/docker-compose.yml index 7592f75aef..5298f820e7 100644 --- a/deploy/dev/docker-compose.yml +++ b/deploy/dev/docker-compose.yml 
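Review bot: Converting the `aiproxy` environment from list to map form also changes the admin key: `ADMIN_KEY=aiproxy` becomes `ADMIN_KEY: *x-aiproxy-token`, which resolves to `'token'`. A FastGPT instance still configured with the old `AIPROXY_API_TOKEN` value will presumably stop authenticating against AI Proxy after this change. Either keep the old value in the anchor or record the change next to it, e.g. `# was 'aiproxy' before v4.14.10; AIPROXY_API_TOKEN must match`. The same edit appears in `deploy/dev/docker-compose.yml`. The hunk starts inside the `aiproxy` service, whose definition begins above it.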
@@ -5,11 +5,43 @@ # - pg: 5432 # - mongo: 27017 # - redis: 6379 -# - fastgpt-sandbox: 3002 +# - fastgpt-code-sandbox: 3002 # - fastgpt-plugin: 3003 # - aiproxy: 3010 # - 使用 pgvector 作为默认的向量库 +# plugin auth token +x-plugin-auth-token: &x-plugin-auth-token 'token' +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' +# aiproxy token +x-aiproxy-token: &x-aiproxy-token 'token' +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin + DB_MAX_LINK: 100 + REDIS_URL: redis://default:mypassword@redis:6379 + # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 +# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + services: # Vector DB pg: 
@@ -134,50 +166,145 @@ services: interval: 30s timeout: 20s retries: 3 - sandbox: - container_name: sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + code-sandbox: + container_name: code-sandbox + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 ports: - 3002:3000 networks: - fastgpt restart: always + environment: + <<: [*x-log-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: false + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + 
interval: 30s + timeout: 20s + retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 ports: - - 3005:3000 + - 3003:3000 networks: - fastgpt restart: always environment: - FASTGPT_ENDPOINT=http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always ports: - - 3003:3000 + - 3004:3000 networks: - fastgpt environment: - - AUTH_TOKEN=token - # @see https://fastgpt.cn/docs/self-host/config/object-storage - - STORAGE_VENDOR=minio # minio | aws-s3 | cos | oss - - STORAGE_REGION=us-east-1 - - STORAGE_ACCESS_KEY_ID=minioadmin - - STORAGE_SECRET_ACCESS_KEY=minioadmin - - STORAGE_PUBLIC_BUCKET=fastgpt-public - - STORAGE_PRIVATE_BUCKET=fastgpt-private - - STORAGE_EXTERNAL_ENDPOINT=https://minio.com # 一个公开的、前端和用户可以直接访问的对象存储连接 - - STORAGE_S3_ENDPOINT=http://fastgpt-minio:9000 # 协议://域名(IP):端口 - - STORAGE_S3_FORCE_PATH_STYLE=true - - STORAGE_S3_MAX_RETRIES=3 - - MONGODB_URI=mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin&directConnection=true - - REDIS_URL=redis://default:mypassword@redis:6379 + <<: [*x-share-db-config, *x-log-config] + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin depends_on: fastgpt-minio: condition: service_healthy + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + ports: + - 8090:8090 + networks: + - fastgpt + volumes: + - 
/var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + ports: + - 3005:3000 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -193,17 +320,17 @@ services: - aiproxy environment: # 对应 fastgpt 里的AIPROXY_API_TOKEN - - ADMIN_KEY=aiproxy + ADMIN_KEY: *x-aiproxy-token # 错误日志详情保存时间(小时) - - LOG_DETAIL_STORAGE_HOURS=1 + LOG_DETAIL_STORAGE_HOURS: 1 # 数据库连接地址 - - SQL_DSN=postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy + SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy # 最大重试次数 - - RETRY_TIMES=3 + RETRY_TIMES: 3 # 不需要计费 - - BILLING_ENABLED=false + BILLING_ENABLED: false # 不需要严格检测模型 - - DISABLE_MODEL_CONFIG=true + DISABLE_MODEL_CONFIG: true healthcheck: test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status'] interval: 5s 
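Review bot: `agent-sandbox-image` is declared as `image: undefined:v0.0.2`, so pulling with the `prepull` profile would try to fetch an image literally named `undefined` from the default registry instead of the FastGPT agent sandbox. The `cn` variant of this file has a real repository on that line, which suggests the global image name was missing when this file was generated. Replace it with the intended repository, `image: <global registry path of fastgpt-agent-sandbox>:v0.0.2`. This file also pulls `opensandbox-server` from `registry.cn-hangzhou.aliyuncs.com` while every other FastGPT image in it comes from `ghcr.io/labring`; worth confirming that is intended.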
@@ -230,3 +357,24 @@ services: networks: fastgpt: aiproxy: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/docker/cn/docker-compose.milvus.yml b/deploy/docker/cn/docker-compose.milvus.yml index 11601b9c64..f9bab9704a 100644 --- a/deploy/docker/cn/docker-compose.milvus.yml +++ b/deploy/docker/cn/docker-compose.milvus.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -191,7 +193,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -234,6 +236,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -265,7 +280,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -310,7 +325,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -320,7 +335,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
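Review bot: `AGENT_SANDBOX_PROVIDER: opensandbox` turns the agent sandbox on by default while `AGENT_SANDBOX_OPENSANDBOX_API_KEY:` is left empty, so calls from FastGPT to `http://opensandbox-server:8090` appear to carry no credential. That controller mounts the host Docker socket (its service definition is added later in this file), so any container on the `fastgpt` network could presumably drive it. I would introduce an anchor like the other tokens and a comment such as `# set a non-empty key and the matching server-side setting before production use`, and treat the `'vmtoken'` default the same way. The hunk sits inside the `fastgpt` service's `environment:` block, which begins above it; the oceanbase and pg files repeat this hunk.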
@@ -342,6 +357,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
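Review bot: The `:ro` on `volume-manager`'s `/var/run/docker.sock:/var/run/docker.sock:ro` mount does not make Docker access read-only: the flag applies to the socket file on the mount, and a process that can connect still has the full Docker API, as this service's job of creating and deleting volumes shows. The comment `只读即可` therefore overstates the protection; I would reword it along the lines of `# :ro does not limit the Docker API; this service has full daemon access` and, where feasible, put a filtering socket proxy in front that only allows the volume endpoints. `opensandbox-server` in the same hunk has the same level of host access through its read-write mount. The same text is in the dev, oceanbase and pg compose files in this diff.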
@@ -394,3 +463,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/deploy/docker/cn/docker-compose.oceanbase.yml b/deploy/docker/cn/docker-compose.oceanbase.yml index e761d9cf53..ec200258ac 100644 --- a/deploy/docker/cn/docker-compose.oceanbase.yml +++ b/deploy/docker/cn/docker-compose.oceanbase.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -168,7 +170,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -211,6 +213,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -242,7 +257,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -287,7 +302,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -297,7 +312,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -319,6 +334,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -370,9 +439,29 @@ networks: fastgpt: aiproxy: vector: + configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" init_sql: name: init_sql content: | ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; - + \ No newline at end of file diff --git a/deploy/docker/cn/docker-compose.pg.yml b/deploy/docker/cn/docker-compose.pg.yml index af370d0c64..851fc255d3 100644 --- a/deploy/docker/cn/docker-compose.pg.yml +++ b/deploy/docker/cn/docker-compose.pg.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -149,7 +151,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -192,6 +194,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -223,7 +238,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -268,7 +283,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -278,7 +293,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -300,6 +315,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
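Review bot: The comment on the volume-manager mount, `- /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可)`, overstates what `:ro` provides. A read-only bind mount does not stop a process from connecting to the socket and issuing any Docker API request, and creating or deleting volumes is itself a write operation against the daemon. Both `volume-manager` and `opensandbox-server` (mounted without `:ro` a few lines above) therefore have host-root-equivalent control. I would reword the comment to `# :ro does not limit Docker API calls; this container can fully control the host daemon`. If the deployment allows it, a filtering socket proxy that exposes only the endpoints each service needs would narrow this. The same two mounts are added in every other compose file in this diff.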
@@ -352,3 +421,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/deploy/docker/cn/docker-compose.seekdb.yml b/deploy/docker/cn/docker-compose.seekdb.yml index 8a4a9aa12d..091b5b3d2b 100644 --- a/deploy/docker/cn/docker-compose.seekdb.yml +++ b/deploy/docker/cn/docker-compose.seekdb.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -155,7 +157,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -198,6 +200,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -229,7 +244,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -274,7 +289,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -284,7 +299,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -306,6 +321,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -358,3 +427,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/deploy/docker/cn/docker-compose.zilliz.yml b/deploy/docker/cn/docker-compose.zilliz.yml index 55c4330f07..4ee619def1 100644 --- a/deploy/docker/cn/docker-compose.zilliz.yml +++ b/deploy/docker/cn/docker-compose.zilliz.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -133,7 +135,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -176,6 +178,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -207,7 +222,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -252,7 +267,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -262,7 +277,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -284,6 +299,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -336,3 +405,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/deploy/docker/global/docker-compose.milvus.yml b/deploy/docker/global/docker-compose.milvus.yml index 4c7b2da454..2b0a3b4374 100644 --- a/deploy/docker/global/docker-compose.milvus.yml +++ b/deploy/docker/global/docker-compose.milvus.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -191,7 +193,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -234,6 +236,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -265,7 +280,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -310,7 +325,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -320,7 +335,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
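Review bot: `AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined` in the `@@ -234,6 +236,19 @@` hunk of deploy/docker/global/docker-compose.milvus.yml looks like a stringified missing value from the generator rather than a repository. The next hunk of this file has the matching `image: undefined:v0.0.2` on the `agent-sandbox-image` service. That short name would be resolved against the default registry, so the pull either fails or fetches an image the project does not publish, and sandboxes would then be started from it. The fix belongs in the generator input: add the global repository for the agent sandbox image (the cn files use `registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox`), and have deploy/init.mjs throw when an image lookup returns `undefined` instead of writing it out. The same two values appear in the global oceanbase, pg, seekdb and ziliiz files below.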
@@ -342,6 +357,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
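Review bot: In this global compose file, `opensandbox-server` is pulled from `registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9`, while every other FastGPT image in the file comes from `ghcr.io/labring/...`. The config block in the next hunk also hard-codes the `sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6` and `.../egress:v1.0.1` references. These look written literally into the template rather than resolved per region like the other images. Since this container receives the read-write Docker socket, its image source deserves the same per-region handling, and ideally a digest pin such as `image: <repo>@sha256:<digest>` (placeholder) instead of a mutable tag. The same applies to the other global compose files in this diff.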
@@ -394,3 +463,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/deploy/docker/global/docker-compose.oceanbase.yml b/deploy/docker/global/docker-compose.oceanbase.yml index 9ef2bc2356..38ab2346e5 100644 --- a/deploy/docker/global/docker-compose.oceanbase.yml +++ b/deploy/docker/global/docker-compose.oceanbase.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -168,7 +170,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -211,6 +213,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -242,7 +257,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -287,7 +302,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -297,7 +312,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -319,6 +334,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -370,9 +439,29 @@ networks: fastgpt: aiproxy: vector: + configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" init_sql: name: init_sql content: | ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; - + \ No newline at end of file diff --git a/deploy/docker/global/docker-compose.pg.yml b/deploy/docker/global/docker-compose.pg.yml index 630a8c93ba..8d34301717 100644 --- a/deploy/docker/global/docker-compose.pg.yml +++ b/deploy/docker/global/docker-compose.pg.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -149,7 +151,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -192,6 +194,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -223,7 +238,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -268,7 +283,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -278,7 +293,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -300,6 +315,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -352,3 +421,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/deploy/docker/global/docker-compose.seekdb.yml b/deploy/docker/global/docker-compose.seekdb.yml index 02b593350c..d0b8458deb 100644 --- a/deploy/docker/global/docker-compose.seekdb.yml +++ b/deploy/docker/global/docker-compose.seekdb.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -155,7 +157,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -198,6 +200,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -229,7 +244,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -274,7 +289,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -284,7 +299,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -306,6 +321,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -358,3 +427,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/deploy/docker/global/docker-compose.ziliiz.yml b/deploy/docker/global/docker-compose.ziliiz.yml index 100fb24c85..fef90ba1ef 100644 --- a/deploy/docker/global/docker-compose.ziliiz.yml +++ b/deploy/docker/global/docker-compose.ziliiz.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -133,7 +135,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -176,6 +178,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -207,7 +222,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -252,7 +267,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -262,7 +277,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -284,6 +299,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
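Review bot: The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` for `volume-manager` does not make the Docker API read-only, so the comment `只读即可` overstates the protection. A read-only bind mount of a Unix socket only prevents the socket file from being replaced; a process that can connect to it can still issue any API call, which is what allows this service to create and delete volumes at all. Both `volume-manager` and `opensandbox-server` should therefore be treated as having root-equivalent control of the host's Docker daemon, and the comment reworded along the lines of `# Docker socket: grants full Docker API access; :ro does not limit API calls`. The same two services are added to the dev and prod templates.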
@@ -336,3 +405,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/deploy/init.mjs b/deploy/init.mjs index 0b73c1ccfb..ae5d38b8b0 100644 --- a/deploy/init.mjs +++ b/deploy/init.mjs @@ -79,8 +79,7 @@ const vector = { OCEANBASE_URL: mysql://root%40tenantname:tenantpassword@ob:2881/mysql `, extra: `\ -configs: - init_sql: +init_sql: name: init_sql content: | ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; diff --git a/deploy/templates/docker-compose.dev.yml b/deploy/templates/docker-compose.dev.yml index 07e39c8dab..7b3be959c7 100644 --- a/deploy/templates/docker-compose.dev.yml +++ b/deploy/templates/docker-compose.dev.yml 
@@ -5,11 +5,43 @@ # - pg: 5432 # - mongo: 27017 # - redis: 6379 -# - fastgpt-sandbox: 3002 +# - fastgpt-code-sandbox: 3002 # - fastgpt-plugin: 3003 # - aiproxy: 3010 # - 使用 pgvector 作为默认的向量库 +# plugin auth token +x-plugin-auth-token: &x-plugin-auth-token 'token' +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' +# aiproxy token +x-aiproxy-token: &x-aiproxy-token 'token' +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin + DB_MAX_LINK: 100 + REDIS_URL: redis://default:mypassword@redis:6379 + # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 +# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + services: # Vector DB pg: 
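Review bot: The port list in the header comment is stale after this commit: the part visible in the hunk still shows `# - fastgpt-plugin: 3003`, but later hunks in this file publish fastgpt-plugin on `3004:3000`, fastgpt-mcp-server on `3003:3000`, volume-manager on `3005:3000` and opensandbox-server on `8090:8090`. Update the line to `# - fastgpt-plugin: 3004` and add entries for the other three so the comment matches the mappings. The start of the comment block is outside the hunk, so an existing mcp-server entry there may need the same correction.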
@@ -134,19 +166,57 @@ services: interval: 30s timeout: 20s retries: 3 - sandbox: - container_name: sandbox - image: ${{fastgpt-sandbox.image}}:${{fastgpt-sandbox.tag}} + code-sandbox: + container_name: code-sandbox + image: ${{fastgpt-code-sandbox.image}}:${{fastgpt-code-sandbox.tag}} ports: - 3002:3000 networks: - fastgpt restart: always + environment: + <<: [*x-log-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: false + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: ['CMD', 'curl', '-f', 
'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server image: ${{fastgpt-mcp_server.image}}:${{fastgpt-mcp_server.tag}} ports: - - 3005:3000 + - 3003:3000 networks: - fastgpt restart: always 
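Review bot: `CHECK_INTERNAL_IP: false` turns off what its own comment describes as the private-network check for outbound requests from `code-sandbox`, and nothing in the hunk marks this as a development-only choice. With the check off, user code running in the sandbox is not stopped from requesting other services on the compose network or the host, so copying this block into a real deployment would remove an SSRF guard. I would add a comment such as `# dev only: set to true outside local development so sandboxed code cannot reach private addresses`.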
@@ -157,27 +227,84 @@ services: container_name: fastgpt-plugin restart: always ports: - - 3003:3000 + - 3004:3000 networks: - fastgpt environment: - - AUTH_TOKEN=token - # @see https://fastgpt.cn/docs/self-host/config/object-storage - - STORAGE_VENDOR=minio # minio | aws-s3 | cos | oss - - STORAGE_REGION=us-east-1 - - STORAGE_ACCESS_KEY_ID=minioadmin - - STORAGE_SECRET_ACCESS_KEY=minioadmin - - STORAGE_PUBLIC_BUCKET=fastgpt-public - - STORAGE_PRIVATE_BUCKET=fastgpt-private - - STORAGE_EXTERNAL_ENDPOINT=https://minio.com # 一个公开的、前端和用户可以直接访问的对象存储连接 - - STORAGE_S3_ENDPOINT=http://fastgpt-minio:9000 # 协议://域名(IP):端口 - - STORAGE_S3_FORCE_PATH_STYLE=true - - STORAGE_S3_MAX_RETRIES=3 - - MONGODB_URI=mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin&directConnection=true - - REDIS_URL=redis://default:mypassword@redis:6379 + <<: [*x-share-db-config, *x-log-config] + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin depends_on: fastgpt-minio: condition: service_healthy + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + ports: + - 8090:8090 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: 
${{volume-manager.image}}:${{volume-manager.tag}} + container_name: volume-manager + restart: always + ports: + - 3005:3000 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: ${{agent-sandbox-image.image}}:${{agent-sandbox-image.tag}} + profiles: + - prepull + # AI Proxy aiproxy: image: ${{aiproxy.image}}:${{aiproxy.tag}} @@ -193,17 +320,17 @@ services: - aiproxy environment: # 对应 fastgpt 里的AIPROXY_API_TOKEN - - ADMIN_KEY=aiproxy + ADMIN_KEY: *x-aiproxy-token # 错误日志详情保存时间(小时) - - LOG_DETAIL_STORAGE_HOURS=1 + LOG_DETAIL_STORAGE_HOURS: 1 # 数据库连接地址 - - SQL_DSN=postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy + SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy # 最大重试次数 - - RETRY_TIMES=3 + RETRY_TIMES: 3 # 不需要计费 - - BILLING_ENABLED=false + BILLING_ENABLED: false # 不需要严格检测模型 - - DISABLE_MODEL_CONFIG=true + DISABLE_MODEL_CONFIG: true healthcheck: test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status'] interval: 5s 
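Review bot: The dev template publishes `8090:8090` for `opensandbox-server` and `3005:3000` for `volume-manager` on every host interface, and both containers mount the Docker socket. No API key is configured for OpenSandbox anywhere in the visible diff, so on a shared network the sandbox controller would be reachable from other machines. Binding the two mappings to loopback keeps local development working: `- 127.0.0.1:8090:8090` and `- 127.0.0.1:3005:3000`.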
@@ -230,3 +357,24 @@ services: networks: fastgpt: aiproxy: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/templates/docker-compose.prod.copy.yml b/deploy/templates/docker-compose.prod.copy.yml deleted file mode 100644 index 98b3e8efa0..0000000000 --- a/deploy/templates/docker-compose.prod.copy.yml +++ /dev/null 
@@ -1,330 +0,0 @@ -# 用于部署的 docker-compose 文件: -# - FastGPT 端口映射为 3000:3000 -# - FastGPT-mcp-server 端口映射 3005:3000 -# - 建议修改账密后再运行 - -# plugin auth token -x-plugin-auth-token: &x-plugin-auth-token 'token' -# aiproxy token -x-aiproxy-token: &x-aiproxy-token 'token' -# 数据库连接相关配置 -x-share-db-config: &x-share-db-config - MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin - DB_MAX_LINK: 100 - REDIS_URL: redis://default:mypassword@redis:6379 - # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage - STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss - STORAGE_REGION: us-east-1 - STORAGE_ACCESS_KEY_ID: minioadmin - STORAGE_SECRET_ACCESS_KEY: minioadmin - STORAGE_PUBLIC_BUCKET: fastgpt-public - STORAGE_PRIVATE_BUCKET: fastgpt-private - STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) - STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 - STORAGE_S3_FORCE_PATH_STYLE: true - STORAGE_S3_MAX_RETRIES: 3 -# Log 配置 -x-log-config: &x-log-config - LOG_ENABLE_CONSOLE: true - LOG_CONSOLE_LEVEL: debug - LOG_ENABLE_OTEL: false - LOG_OTEL_LEVEL: info - LOG_OTEL_URL: http://localhost:4318/v1/logs - -# 向量库相关配置 -x-vec-config: &x-vec-config -${{vec.config}} - -version: '3.3' -services: - # Vector DB -${{vec.db}} - mongo: - image: ${{mongo.image}}:${{mongo.tag}} # cpu 不支持 AVX 时候使用 4.4.29 - container_name: mongo - restart: always - networks: - - fastgpt - command: mongod --keyFile /data/mongodb.key --replSet rs0 - environment: - - MONGO_INITDB_ROOT_USERNAME=myusername - - MONGO_INITDB_ROOT_PASSWORD=mypassword - volumes: - - ./mongo/data:/data/db - healthcheck: - test: ['CMD', 'mongo', '-u', 'myusername', '-p', 'mypassword', '--authenticationDatabase', 'admin', '--eval', "db.adminCommand('ping')"] - interval: 10s - timeout: 5s - retries: 5 - start_period: 30s - entrypoint: - - bash - - -c - - | - openssl rand -base64 128 > /data/mongodb.key - chmod 
400 /data/mongodb.key - chown 999:999 /data/mongodb.key - echo 'const isInited = rs.status().ok === 1 - if(!isInited){ - rs.initiate({ - _id: "rs0", - members: [ - { _id: 0, host: "mongo:27017" } - ] - }) - }' > /data/initReplicaSet.js - # 启动MongoDB服务 - exec docker-entrypoint.sh "$$@" & - - # 等待MongoDB服务启动 - until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do - echo "Waiting for MongoDB to start..." - sleep 2 - done - - # 执行初始化副本集的脚本 - mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js - - # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 - wait $$! - redis: - image: ${{redis.image}}:${{redis.tag}} - container_name: redis - networks: - - fastgpt - restart: always - command: | - redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction - healthcheck: - test: ['CMD', 'redis-cli', '-a', 'mypassword', 'ping'] - interval: 10s - timeout: 3s - retries: 3 - start_period: 30s - volumes: - - ./redis/data:/data - fastgpt-minio: - image: ${{minio.image}}:${{minio.tag}} - container_name: fastgpt-minio - restart: always - ports: - - 9000:9000 - - 9001:9001 - networks: - - fastgpt - environment: - - MINIO_ROOT_USER=minioadmin - - MINIO_ROOT_PASSWORD=minioadmin - volumes: - - ./fastgpt-minio:/data - command: server /data --console-address ":9001" - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live'] - interval: 30s - timeout: 20s - retries: 3 - - opensandbox-server: - image: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.7 - container_name: opensandbox-server - restart: always - networks: - - fastgpt - extra_hosts: - - 'host.docker.internal:host-gateway' # Enable access to host machine - volumes: - - /var/run/docker.sock:/var/run/docker.sock - configs: - - source: opensandbox-config - target: /etc/opensandbox/config.toml - environment: - - 
SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] - interval: 10s - timeout: 5s - retries: 5 - - fastgpt: - container_name: fastgpt - image: ${{fastgpt.image}}:${{fastgpt.tag}} # git - ports: - - 3000:3000 - networks: - - fastgpt - extra_hosts: - - 'host.docker.internal:host-gateway' # Enable access to host machine - depends_on: - - mongo - - sandbox - - vectorDB - - opensandbox-server - restart: always - environment: - <<: [*x-share-db-config, *x-vec-config, *x-log-config] - # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 - FE_DOMAIN: - # root 密码,用户名为: root。如果需要修改 root 密码,直接修改这个环境变量,并重启即可。 - DEFAULT_ROOT_PSW: 1234 - # 登录凭证密钥 - TOKEN_KEY: any - # root的密钥,常用于升级时候的初始化请求 - ROOT_KEY: root_key - # 文件阅读加密 - FILE_TOKEN_KEY: filetoken - # 密钥加密key - AES256_SECRET_KEY: fastgptkey - - # plugin 地址 - PLUGIN_BASE_URL: http://fastgpt-plugin:3000 - PLUGIN_TOKEN: *x-plugin-auth-token - # sandbox 地址 - CODE_SANDBOX_URL: http://sandbox:3000 - # opensandbox server 地址 - OPENSANDBOX_SERVER_URL: http://opensandbox-server:8090 - # AI Proxy 的地址,如果配了该地址,优先使用 - AIPROXY_API_ENDPOINT: http://aiproxy:3000 - # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY - AIPROXY_API_TOKEN: *x-aiproxy-token - - # 传递给 OTLP 收集器的服务名称 - LOG_OTEL_SERVICE_NAME: fastgpt-client - - # 工作流最大运行次数 - WORKFLOW_MAX_RUN_TIMES: 1000 - # 批量执行节点,最大输入长度 - WORKFLOW_MAX_LOOP_TIMES: 100 - # 对话文件过期天数 - CHAT_FILE_EXPIRE_TIME: 7 - # 服务器接收请求,最大大小,单位 MB - SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 - # HTML 转换最大字符数 - MAX_HTML_TRANSFORM_CHARS: 1000000 - volumes: - - ./config.json:/app/data/config.json - sandbox: - container_name: sandbox - image: ${{fastgpt-sandbox.image}}:${{fastgpt-sandbox.tag}} - networks: - - fastgpt - restart: always - environment: - <<: [*x-log-config] - LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] - interval: 
30s - timeout: 20s - retries: 3 - fastgpt-mcp-server: - container_name: fastgpt-mcp-server - image: ${{fastgpt-mcp_server.image}}:${{fastgpt-mcp_server.tag}} - networks: - - fastgpt - ports: - - 3005:3000 - restart: always - environment: - <<: [*x-log-config] - FASTGPT_ENDPOINT: http://fastgpt:3000 - fastgpt-plugin: - image: ${{fastgpt-plugin.image}}:${{fastgpt-plugin.tag}} - container_name: fastgpt-plugin - restart: always - networks: - - fastgpt - environment: - <<: [*x-share-db-config, *x-log-config] - AUTH_TOKEN: *x-plugin-auth-token - # 工具网络请求,最大请求和响应体 - SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 - # 最大 API 请求体大小 - MAX_API_SIZE: 10 - # 传递给 OTLP 收集器的服务名称 - LOG_OTEL_SERVICE_NAME: fastgpt-plugin - depends_on: - fastgpt-minio: - condition: service_healthy - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] - interval: 30s - timeout: 20s - retries: 3 - # AI Proxy - aiproxy: - image: ${{aiproxy.image}}:${{aiproxy.tag}} - container_name: aiproxy - restart: unless-stopped - depends_on: - aiproxy_pg: - condition: service_healthy - networks: - - fastgpt - - aiproxy - environment: - # 对应 fastgpt 里的AIPROXY_API_TOKEN - ADMIN_KEY: *x-aiproxy-token - # 错误日志详情保存时间(小时) - LOG_DETAIL_STORAGE_HOURS: 1 - # 数据库连接地址 - SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy - # 最大重试次数 - RETRY_TIMES: 3 - # 不需要计费 - BILLING_ENABLED: false - # 不需要严格检测模型 - DISABLE_MODEL_CONFIG: true - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status'] - interval: 5s - timeout: 5s - retries: 10 - aiproxy_pg: - image: ${{aiproxy-pg.image}}:${{aiproxy-pg.tag}} # docker hub - restart: unless-stopped - container_name: aiproxy_pg - volumes: - - ./aiproxy_pg:/var/lib/postgresql/data - networks: - - aiproxy - environment: - TZ: Asia/Shanghai - POSTGRES_USER: postgres - POSTGRES_DB: aiproxy - POSTGRES_PASSWORD: aiproxy - healthcheck: - test: ['CMD', 'pg_isready', '-U', 'postgres', '-d', 'aiproxy'] - interval: 5s - timeout: 5s - retries: 10 -networks: - fastgpt: 
- aiproxy: - vector: -${{vec.extra}} - -configs: - # opensandbox config - opensandbox-config: - content: | - [server] - host = "0.0.0.0" - port = 8090 - log_level = "INFO" - - [runtime] - type = "docker" - execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.7" - - [egress] - image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" - - [docker] - network_mode = "bridge" - host_ip = "host.docker.internal" - drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] - no_new_privileges = true - pids_limit = 512 - - [ingress] - mode = "direct" diff --git a/deploy/templates/docker-compose.prod.yml b/deploy/templates/docker-compose.prod.yml index 0c9461c500..87dc40ccf8 100644 --- a/deploy/templates/docker-compose.prod.yml +++ b/deploy/templates/docker-compose.prod.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -132,7 +134,7 @@ ${{vec.db}} fastgpt: container_name: fastgpt - image: ${{fastgpt.image}}:${{fastgpt.tag}} # git + image: ${{fastgpt.image}}:${{fastgpt.tag}} ports: - 3000:3000 networks: 
@@ -175,6 +177,19 @@ ${{vec.db}} # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ${{agent-sandbox-image.image}} + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: ${{agent-sandbox-image.tag}} + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -206,7 +221,7 @@ ${{vec.db}} - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ${{fastgpt-sandbox.image}}:${{fastgpt-sandbox.tag}} + image: ${{fastgpt-code-sandbox.image}}:${{fastgpt-code-sandbox.tag}} networks: - fastgpt restart: always 
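Review bot: `AGENT_SANDBOX_OPENSANDBOX_API_KEY:` is left empty in the production template, so FastGPT appears to talk to `opensandbox-server:8090` without authentication. That server is attached to the shared `fastgpt` network together with `code-sandbox` and `fastgpt-plugin`, which means any container on that network could reach a service that holds the Docker socket. I would put `opensandbox-server` and `volume-manager` on a dedicated network that only `fastgpt` joins, and set a key here and on the server side (the server-side setting is not shown in this diff). The rendered `docker-compose.ziliiz.yml` carries the same empty value.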
@@ -283,6 +298,60 @@ ${{vec.db}} interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ${{volume-manager.image}}:${{volume-manager.tag}} + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: ${{agent-sandbox-image.image}}:${{agent-sandbox-image.tag}} + profiles: + - prepull + # AI Proxy aiproxy: image: ${{aiproxy.image}}:${{aiproxy.tag}} 
@@ -334,4 +403,25 @@ networks: fastgpt: aiproxy: vector: -${{vec.extra}} + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + ${{vec.extra}} \ No newline at end of file diff --git a/document/content/docs/self-host/deploy/docker.en.mdx b/document/content/docs/self-host/deploy/docker.en.mdx index 26e6df20f2..f821e33a87 100644 --- a/document/content/docs/self-host/deploy/docker.en.mdx +++ b/document/content/docs/self-host/deploy/docker.en.mdx @@ -87,7 +87,7 @@ curl -L https://github.com/docker/compose/releases/download/v2.20.3/docker-compo chmod +x /usr/local/bin/docker-compose # Verify installation docker -v -docker-compose -v +docker compose -v # If it fails, search online for solutions ``` @@ -173,7 +173,7 @@ Run in the same directory as docker-compose.yml. Ensure `docker-compose` version ```bash # Start containers -docker-compose up -d +docker compose --profile prepull pull agent-sandbox-image && docker compose up -d ``` ### 5. Access FastGPT @@ -260,8 +260,8 @@ mongo: 3. Restart services: ```bash -docker-compose down -docker-compose up -d +docker compose down +docker compose up -d ``` 4. Enter the container and initialize the replica set: @@ -296,8 +296,8 @@ By default, OneAPI connection address and key are configured. Modify the environ After modifying, restart: ```bash -docker-compose down -docker-compose up -d +docker compose down +docker compose up -d ``` ### How to Update Versions? 
@@ -307,15 +307,14 @@ docker-compose up -d 3. Run these commands to pull and restart: ```bash - docker-compose pull - docker-compose up -d + docker compose up -d ``` 4. Run initialization scripts (if any) ### How to Customize Configuration Files? -Modify `config.json`, then run `docker-compose down` followed by `docker-compose up -d` to restart. For details, see [Configuration Guide](/docs/self-host/config/json). +Modify `config.json`, then run `docker compose down` followed by `docker compose up -d` to restart. For details, see [Configuration Guide](/docs/self-host/config/json). ### How to Check if Custom Config File is Mounted @@ -326,7 +325,7 @@ Modify `config.json`, then run `docker-compose down` followed by `docker-compose 1. Incorrect mount directory 2. Invalid config file — logs will show `invalid json`. The file must be valid JSON. -3. Didn't run `docker-compose down` then `docker-compose up -d` after changes. A simple restart doesn't remount files. +3. Didn't run `docker compose down` then `docker compose up -d` after changes. A simple restart doesn't remount files. ### How to Check if Environment Variables Loaded diff --git a/document/content/docs/self-host/deploy/docker.mdx b/document/content/docs/self-host/deploy/docker.mdx index 5d7e32b2d2..7f5047e872 100644 --- a/document/content/docs/self-host/deploy/docker.mdx +++ b/document/content/docs/self-host/deploy/docker.mdx @@ -87,7 +87,7 @@ curl -L https://github.com/docker/compose/releases/download/v2.20.3/docker-compo chmod +x /usr/local/bin/docker-compose # 验证安装 docker -v -docker-compose -v +docker compose -v # 如失效,自行百度~ ``` @@ -173,7 +173,8 @@ bash <(curl -fsSL https://doc.fastgpt.cn/deploy/install.sh) ```bash # 启动容器 -docker-compose up -d +docker compose --profile prepull pull agent-sandbox-image && dockercompose up -d + ``` ### 5. 访问 FastGPT @@ -261,8 +262,8 @@ mongo: 3. 重启服务 ```bash -docker-compose down -docker-compose up -d +docker compose down +docker compose up -d ``` 4. 进入容器执行副本集合初始化 
@@ -297,8 +298,8 @@ rs.status() 修改完后重启: ```bash -docker-compose down -docker-compose up -d +docker compose down +docker compose up -d ``` ### 如何更新版本? @@ -308,15 +309,14 @@ docker-compose up -d 3. 执行下面命令会自动拉取镜像: ```bash - docker-compose pull - docker-compose up -d + docker compose up -d ``` 4. 执行初始化脚本(如果有) ### 如何自定义配置文件? -修改`config.json`文件,并执行`docker-compose down`再执行`docker-compose up -d`重起容器。具体配置,参考[配置详解](/docs/self-host/config/json)。 +修改`config.json`文件,并执行`docker compose down`再执行`docker compose up -d`重起容器。具体配置,参考[配置详解](/docs/self-host/config/json)。 ### 如何检查自定义配置文件是否挂载 @@ -327,7 +327,7 @@ docker-compose up -d 1. 挂载目录不正确 2. 配置文件不正确,日志中会提示`invalid json`,配置文件需要是标准的 JSON 文件。 -3. 修改后,没有`docker-compose down`再`docker-compose up -d`,restart是不会重新挂载文件的。 +3. 修改后,没有`docker compose down`再`docker compose up -d`,restart是不会重新挂载文件的。 ### 如何检查环境变量是否正常加载 diff --git a/document/content/docs/self-host/upgrading/4-14/41410.en.mdx b/document/content/docs/self-host/upgrading/4-14/41410.en.mdx new file mode 100644 index 0000000000..cd0e58bb4c --- /dev/null +++ b/document/content/docs/self-host/upgrading/4-14/41410.en.mdx 
@@ -0,0 +1,76 @@ +--- +title: 'V4.14.10' +description: 'FastGPT V4.14.10 Release Notes' +--- + +## Upgrade Guide + +### 1. Add agent-sandbox related configurations + +The following configuration adjustments are for `docker compose` deployments. `sealos` commercial users can contact support for an online sandbox service solution. + +Open the [latest yml deployment file](https://github.com/labring/FastGPT/blob/main/deploy/docker/global/docker-compose.pg.yml) and add the following: + +1. Add the `x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken'` variable configuration at the top of the file. +2. Add 3 new services: `opensandbox-server`, `volume-manager`, and `agent-sandbox-image`. +3. Add `configs` (you can find this content at the bottom of the file, just copy and append it directly). +4. Modify the `fastgpt` environment variables to include the following: + +```bash +# ==================== Agent sandbox config ==================== +AGENT_SANDBOX_PROVIDER: opensandbox +# OpenSandbox config (effective when PROVIDER: opensandbox) +AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 +AGENT_SANDBOX_OPENSANDBOX_API_KEY: +AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker +AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ghcr.io/labring/fastgpt/fastgpt-agent-sandbox +AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 +# Volume persistence config (optional under opensandbox provider) +AGENT_SANDBOX_ENABLE_VOLUME: true +AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 +AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token +``` + +### 2. Modify the sandbox image name + +The image name under the original `sandbox` services needs to be changed from `fastgpt-sandbox` to `fastgpt-code-sandbox`. + +### 3. Update image tags + +- Update FastGPT image tag to: `v4.14.10` +- Update FastGPT commercial image tag to: `v4.14.10` +- Update fastgpt-plugin image tag to: `v0.5.6` +- Update code-sandbox image tag to: `v4.14.10` + +Restart the service after updating. 
+ +### 4. Update system tools and refresh icons + +Some system tool icons have been removed and replaced with image links, so some tool icons will be lost. You can update the system tools again (uninstall and reinstall, or directly import the pkg to overwrite). + +## 🚀 Features + +1. Added OpenSandbox docker deployment and adaptation, with support for data persistence via mounted volumes. +2. Added sandbox file link reading tool, allowing AI to directly return file access links. +3. Added WeChat Personal Account publishing channel. +4. Added streaming output support for Lark publishing channel. +5. The maximum directory limit can now be configured via environment variables. +6. Added max limit configuration for rerank models to prevent rerank failures caused by exceeding the single document limit. +7. Added tiered billing mode for LLMs and unified the billing push method. + +## ⚙️ Optimizations + +1. Optimized workflow runtime to reduce computational complexity. +2. Added calculation limits for large variables to prevent thread blocking caused by high computational complexity. +3. Removed configurations like "Used for knowledge base file processing" and "Used for question classification" from model settings, and unified them with a "Test Model" flag. Test models will have a special identifier and can only be used in AI chat; they will be filtered out in other scenarios. + +## 🐛 Bug Fixes + +1. Fixed an issue where the default values of global variables in sub-workflows were not taking effect. +2. Fixed an issue where the configured rerank model was not displaying in agent mode. +3. Fixed an issue where the output of the bge-m3 embedding vector model was always 0. +4. Fixed a call failure caused by connection exceptions during concurrent MCP calls. +5. Fixed security vulnerabilities in the login API. +6. Fixed MCP SSRF security vulnerabilities. +7. Fixed an issue where workflow tool errors were not properly caught. +8. 
Fixed an issue where the default values of global variables in sub-workflows were not taking effect. diff --git a/document/content/docs/self-host/upgrading/4-14/41410.mdx b/document/content/docs/self-host/upgrading/4-14/41410.mdx index fad9102123..a2f7f28a3e 100644 --- a/document/content/docs/self-host/upgrading/4-14/41410.mdx +++ b/document/content/docs/self-host/upgrading/4-14/41410.mdx 
@@ -1,21 +1,64 @@ --- -title: 'V4.14.10(进行中)' +title: 'V4.14.10' description: 'FastGPT V4.14.10 更新说明' --- -## 注意 +## 升级指南 -1. 代码沙盒镜像名变更: `{{hub}}/fastgpt-sandbox` -> `{{hub}}/fastgpt-code-sandbox` -2. 系统工具部分头像,移除了 icon,都转用图片链接,如果丢失了头像,可以重新更新一次系统工具(卸载再安装,或者直接导入 pkg 覆盖) +### 1. 增加 agent-sandbox 相关配置 + +以下针对的是 `docker compose` 部署方案的配置调整,使用`sealos`的商业版用户,可私信支持人员,提供在线的沙盒服务方案。 + +打开[最新 yml 部署文件](https://github.com/labring/FastGPT/blob/main/deploy/docker/cn/docker-compose.pg.yml),调整以下内容: + +1. 在文件顶部增加 `x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken'` 变量配置。 +2. 增加 3 组 services: `opensandbox-server`,`volume-manager`,`agent-sandbox-image` +3. 增加 `configs`, 文件底部可找到该内容,直接复制添加。 +4. 修改 `fastgpt` 环境变量, 增加以下变量: + +```bash +# ==================== Agent sandbox 配置 ==================== +AGENT_SANDBOX_PROVIDER: opensandbox +# OpenSandbox 配置(PROVIDER: opensandbox 时生效) +AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 +AGENT_SANDBOX_OPENSANDBOX_API_KEY: +AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker +AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox +AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 +# Volume 持久化配置(opensandbox provider 下可选) +AGENT_SANDBOX_ENABLE_VOLUME: true +AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 +AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token +``` + +### 2. 修改 sandbox 镜像名 + +原先的 `sandbox` 服务的镜像名,需要从`fastgpt-sandbox`改成`fastgpt-code-sandbox`。 + +目的是为了区分 agent-sandbox 和 code-sandbox。 + +### 3. 更新镜像 tag + +- 更新 FastGPT 镜像 tag: v4.14.10 +- 更新 FastGPT 商业版镜像 tag: v4.14.10 +- 更新 code-sandbox 镜像 tag: v4.14.10 +- 更新 fastgpt-plugin 镜像 tag: v0.5.6 + +更新完后即可重启服务。 + +### 4. 更新系统工具,刷新头像 + +系统工具部分头像,移除了 icon,都转用图片链接,所以会丢失一部分工具的头像。可以重新更新一次系统工具(卸载再安装,或者直接导入 pkg 覆盖)。 ## 🚀 新增内容 -1. 增加 OpenSandbox docker 部署方案及适配,并支持通过挂载 volumn 进行数据持久化。 +1. 增加 OpenSandbox docker 部署方案及适配,并支持通过挂载 volume 进行数据持久化。 2. 新增沙盒读取文件链接工具,可以直接让 AI 返回文件的访问链接。 -3. 飞书发布渠道,支持流输出。 -4. 目录最大上限,可通过环境变量配置。 -5. 
rerank 模型上限配置,避免超出单条 document 上限导致 rerank 失败。 -6. 增加 LLM 梯度计量计费模式,同时统一计费推送方式。 +3. 新增微信个人号发布渠道 +4. 飞书发布渠道,支持流输出。 +5. 目录最大上限,可通过环境变量配置。 +6. rerank 模型上限配置,避免超出单条 document 上限导致 rerank 失败。 +7. 增加 LLM 梯度计量计费模式,同时统一计费推送方式。 ## ⚙️ 优化 @@ -28,4 +71,8 @@ description: 'FastGPT V4.14.10 更新说明' 1. 子工作流的全局变量默认值未生效。 2. agent 模式下已配的 rerank 模型不显示。 3. bge-m3 embedding 向量模型输出都为 0 的问题。 -4. MCP 并发调用时,连接异常导致调用失败。 \ No newline at end of file +4. MCP 并发调用时,连接异常导致调用失败。 +5. 修复登录接口安全问题 +6. 修复 MCP SSRF 安全问题 +7. 修复工作流工具错误未成功捕获问题 +8. 修复子工作流全局变量默认值未生效 \ No newline at end of file diff --git a/document/content/docs/self-host/upgrading/4-14/meta.en.json b/document/content/docs/self-host/upgrading/4-14/meta.en.json index 8156ffb8e7..6c9a641bd0 100644 --- a/document/content/docs/self-host/upgrading/4-14/meta.en.json +++ b/document/content/docs/self-host/upgrading/4-14/meta.en.json @@ -1,5 +1,5 @@ { "title": "4.14.x", "description": "", - "pages": ["4149", "4148", "4147", "4146", "41451", "4145", "4144", "4143", "4142", "4141", "4140"] + "pages": ["41410", "4149", "4148", "4147", "4146", "41451", "4145", "4144", "4143", "4142", "4141", "4140"] } diff --git a/document/content/docs/toc.en.mdx b/document/content/docs/toc.en.mdx index 8af9d12acb..9a24811b94 100644 --- a/document/content/docs/toc.en.mdx +++ b/document/content/docs/toc.en.mdx @@ -113,6 +113,7 @@ description: FastGPT Toc - [/en/docs/self-host/upgrading/4-13/4132](/en/docs/self-host/upgrading/4-13/4132) - [/en/docs/self-host/upgrading/4-14/4140](/en/docs/self-host/upgrading/4-14/4140) - [/en/docs/self-host/upgrading/4-14/4141](/en/docs/self-host/upgrading/4-14/4141) +- [/en/docs/self-host/upgrading/4-14/41410](/en/docs/self-host/upgrading/4-14/41410) - [/en/docs/self-host/upgrading/4-14/4142](/en/docs/self-host/upgrading/4-14/4142) - [/en/docs/self-host/upgrading/4-14/4143](/en/docs/self-host/upgrading/4-14/4143) - [/en/docs/self-host/upgrading/4-14/4144](/en/docs/self-host/upgrading/4-14/4144) 
diff --git a/document/data/doc-last-modified.json b/document/data/doc-last-modified.json index c4031f0c0c..d894bdea79 100644 --- a/document/data/doc-last-modified.json +++ b/document/data/doc-last-modified.json @@ -173,8 +173,8 @@ "document/content/docs/self-host/custom-models/ollama.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/custom-models/xinference.en.mdx": "2026-03-30T10:05:42+08:00", "document/content/docs/self-host/custom-models/xinference.mdx": "2026-03-30T10:05:42+08:00", - "document/content/docs/self-host/deploy/docker.en.mdx": "2026-03-19T14:09:03+08:00", - "document/content/docs/self-host/deploy/docker.mdx": "2026-03-19T14:09:03+08:00", + "document/content/docs/self-host/deploy/docker.en.mdx": "2026-03-31T22:46:45+08:00", + "document/content/docs/self-host/deploy/docker.mdx": "2026-03-31T22:32:05+08:00", "document/content/docs/self-host/deploy/sealos.en.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/deploy/sealos.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/design/dataset.en.mdx": "2026-03-03T17:39:47+08:00", @@ -220,7 +220,8 @@ "document/content/docs/self-host/upgrading/4-14/4140.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4141.en.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4141.mdx": "2026-03-03T17:39:47+08:00", - "document/content/docs/self-host/upgrading/4-14/41410.mdx": "2026-03-30T22:11:30+08:00", + "document/content/docs/self-host/upgrading/4-14/41410.en.mdx": "2026-03-31T22:46:45+08:00", + "document/content/docs/self-host/upgrading/4-14/41410.mdx": "2026-03-31T22:46:45+08:00", "document/content/docs/self-host/upgrading/4-14/4142.en.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4142.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4143.en.mdx": "2026-03-03T17:39:47+08:00", 
@@ -381,7 +382,7 @@ "document/content/docs/self-host/upgrading/outdated/499.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/upgrade-intruction.en.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/upgrade-intruction.mdx": "2026-03-03T17:39:47+08:00", - "document/content/docs/toc.en.mdx": "2026-03-23T12:10:44+08:00", + "document/content/docs/toc.en.mdx": "2026-03-31T22:46:45+08:00", "document/content/docs/toc.mdx": "2026-03-24T09:59:30+08:00", "document/content/docs/use-cases/app-cases/dalle3.en.mdx": "2026-02-26T22:14:30+08:00", "document/content/docs/use-cases/app-cases/dalle3.mdx": "2025-07-23T21:35:03+08:00", diff --git a/document/public/deploy/docker/cn/docker-compose.milvus.yml b/document/public/deploy/docker/cn/docker-compose.milvus.yml index 11601b9c64..f9bab9704a 100644 --- a/document/public/deploy/docker/cn/docker-compose.milvus.yml +++ b/document/public/deploy/docker/cn/docker-compose.milvus.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -191,7 +193,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
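Review bot: The new `x-volume-manager-auth-token` anchor at the top of `docker-compose.milvus.yml` ships the literal value `'vmtoken'`, and later hunks feed that same anchor into both `AGENT_SANDBOX_VOLUME_MANAGER_TOKEN` and `VM_AUTH_TOKEN`. Every deployment that copies the template unchanged therefore shares one publicly known token for a service that has the Docker socket mounted. I would change the comment to say the value must be replaced, e.g. `# volume manager auth token (replace with a long random value before deploying)`. The same two added lines recur in the oceanbase, pg, seekdb, zilliz and global milvus compose files in this commit.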
@@ -234,6 +236,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -265,7 +280,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -310,7 +325,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -320,7 +335,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
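Review bot: `AGENT_SANDBOX_OPENSANDBOX_API_KEY:` is added with no value in the fastgpt environment block, and the `opensandbox-config` added at the end of this file sets no key on the server side either. The sandbox controller therefore appears to accept unauthenticated requests from anything that can reach `opensandbox-server:8090` on the `fastgpt` network. Because that controller creates and runs containers through the host Docker socket, I would define a shared secret as a top-level anchor like the other tokens and reference it here, e.g. `AGENT_SANDBOX_OPENSANDBOX_API_KEY: *x-opensandbox-api-key` (suggested name), with the matching server-side setting. Whether the server config accepts a key is not visible in this diff and should be confirmed. The environment block continues outside the hunk, and the same lines recur in the other compose files.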
@@ -342,6 +357,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
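Review bot: On `volume-manager`, the `:ro` suffix on `/var/run/docker.sock:/var/run/docker.sock:ro` and the comment `只读即可` imply read-only access, but a read-only bind mount of a Unix socket does not restrict what is sent over it, so the container can still issue any Docker API call. Both this service and `opensandbox-server` therefore hold access equivalent to root on the host, and the comments should say so, e.g. `# Docker socket access is root-equivalent on the host; :ro does not limit API calls`. If the services only need container and volume operations, putting a filtering socket proxy in front that allows just those endpoints would narrow the exposure; the hunk does not show which endpoints they use. The same service definitions are repeated in the other compose files.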
@@ -394,3 +463,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/document/public/deploy/docker/cn/docker-compose.oceanbase.yml b/document/public/deploy/docker/cn/docker-compose.oceanbase.yml index e761d9cf53..ec200258ac 100644 --- a/document/public/deploy/docker/cn/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/cn/docker-compose.oceanbase.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -168,7 +170,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
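Review bot: The `execd_image` and `[egress]` `image` values in the new `opensandbox-config` are hard-coded with mutable tags, and `execd:v1.0.6` is older than the `opensandbox-execd: v1.0.7` entry this commit removes from `deploy/args.json`. That may be an unintended downgrade now that the tag is no longer generated from that file. These images are launched by a controller that holds the Docker socket, so I would pin them by digest (`execd:v1.0.6@sha256:<digest>`, placeholder) or at least add `# not managed by deploy/args.json; keep in sync with opensandbox-server`. The same block is added to the other compose files in this commit.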
@@ -211,6 +213,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -242,7 +257,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -287,7 +302,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -297,7 +312,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -319,6 +334,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -370,9 +439,29 @@ networks: fastgpt: aiproxy: vector: + configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" init_sql: name: init_sql content: | ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; - + \ No newline at end of file diff --git a/document/public/deploy/docker/cn/docker-compose.pg.yml b/document/public/deploy/docker/cn/docker-compose.pg.yml index af370d0c64..851fc255d3 100644 --- a/document/public/deploy/docker/cn/docker-compose.pg.yml +++ b/document/public/deploy/docker/cn/docker-compose.pg.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -149,7 +151,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -192,6 +194,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -223,7 +238,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -268,7 +283,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -278,7 +293,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -300,6 +315,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -352,3 +421,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/document/public/deploy/docker/cn/docker-compose.seekdb.yml b/document/public/deploy/docker/cn/docker-compose.seekdb.yml index 8a4a9aa12d..091b5b3d2b 100644 --- a/document/public/deploy/docker/cn/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/cn/docker-compose.seekdb.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -155,7 +157,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -198,6 +200,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -229,7 +244,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -274,7 +289,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -284,7 +299,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -306,6 +321,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -358,3 +427,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/document/public/deploy/docker/cn/docker-compose.zilliz.yml b/document/public/deploy/docker/cn/docker-compose.zilliz.yml index 55c4330f07..4ee619def1 100644 --- a/document/public/deploy/docker/cn/docker-compose.zilliz.yml +++ b/document/public/deploy/docker/cn/docker-compose.zilliz.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -133,7 +135,7 @@ services: fastgpt: container_name: fastgpt - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.9.5 # git + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -176,6 +178,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -207,7 +222,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -252,7 +267,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -262,7 +277,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.5 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -284,6 +299,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -336,3 +405,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/document/public/deploy/docker/global/docker-compose.milvus.yml b/document/public/deploy/docker/global/docker-compose.milvus.yml index 4c7b2da454..2b0a3b4374 100644 --- a/document/public/deploy/docker/global/docker-compose.milvus.yml +++ b/document/public/deploy/docker/global/docker-compose.milvus.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -191,7 +193,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -234,6 +236,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -265,7 +280,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -310,7 +325,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -320,7 +335,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
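Review bot: `AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined` in the fastgpt environment is a literal string that looks like an unresolved template value. In the `deploy/args.json` hunks of this commit, `agent-sandbox-image` is added under `images.cn` but not under `images.global`. The same gap yields `image: undefined:v0.0.2` for the `agent-sandbox-image` pre-pull service in this file and in the oceanbase, pg, seekdb and ziliiz global compose files. With that value the runtime would be asked for an image named `undefined` from the default registry instead of the project's sandbox image, so sandbox creation would fail or run whatever that name resolves to. Adding the missing entry, `"agent-sandbox-image": "<global registry path of the agent sandbox image>"`, and making the generator fail on a missing key would fix all five files.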
@@ -342,6 +357,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -394,3 +463,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/document/public/deploy/docker/global/docker-compose.oceanbase.yml b/document/public/deploy/docker/global/docker-compose.oceanbase.yml index 9ef2bc2356..38ab2346e5 100644 --- a/document/public/deploy/docker/global/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/global/docker-compose.oceanbase.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -168,7 +170,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -211,6 +213,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -242,7 +257,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -287,7 +302,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -297,7 +312,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -319,6 +334,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -370,9 +439,29 @@ networks: fastgpt: aiproxy: vector: + configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" init_sql: name: init_sql content: | ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; - + \ No newline at end of file diff --git a/document/public/deploy/docker/global/docker-compose.pg.yml b/document/public/deploy/docker/global/docker-compose.pg.yml index 630a8c93ba..8d34301717 100644 --- a/document/public/deploy/docker/global/docker-compose.pg.yml +++ b/document/public/deploy/docker/global/docker-compose.pg.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -149,7 +151,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -192,6 +194,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -223,7 +238,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -268,7 +283,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -278,7 +293,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -300,6 +315,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -352,3 +421,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/document/public/deploy/docker/global/docker-compose.seekdb.yml b/document/public/deploy/docker/global/docker-compose.seekdb.yml index 02b593350c..d0b8458deb 100644 --- a/document/public/deploy/docker/global/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/global/docker-compose.seekdb.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -155,7 +157,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -198,6 +200,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -229,7 +244,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -274,7 +289,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -284,7 +299,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -306,6 +321,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -358,3 +427,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/document/public/deploy/docker/global/docker-compose.ziliiz.yml b/document/public/deploy/docker/global/docker-compose.ziliiz.yml index 100fb24c85..fef90ba1ef 100644 --- a/document/public/deploy/docker/global/docker-compose.ziliiz.yml +++ b/document/public/deploy/docker/global/docker-compose.ziliiz.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -133,7 +135,7 @@ services: fastgpt: container_name: fastgpt - image: ghcr.io/labring/fastgpt:v4.14.9.5 # git + image: ghcr.io/labring/fastgpt:v4.14.10 ports: - 3000:3000 networks: 
@@ -176,6 +178,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client @@ -207,7 +222,7 @@ services: - ./config.json:/app/data/config.json code-sandbox: container_name: code-sandbox - image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 + image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10 networks: - fastgpt restart: always @@ -252,7 +267,7 @@ services: retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server - image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 + image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10 networks: - fastgpt ports: @@ -262,7 +277,7 @@ services: <<: [*x-log-config] FASTGPT_ENDPOINT: http://fastgpt:3000 fastgpt-plugin: - image: ghcr.io/labring/fastgpt-plugin:v0.5.5 + image: ghcr.io/labring/fastgpt-plugin:v0.5.6 container_name: fastgpt-plugin restart: always networks: 
@@ -284,6 +299,60 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -336,3 +405,24 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" + \ No newline at end of file diff --git a/document/public/deploy/install.sh b/document/public/deploy/install.sh index 80e3f2f91c..748c7fdf55 100644 --- a/document/public/deploy/install.sh +++ b/document/public/deploy/install.sh @@ -76,9 +76,20 @@ esac # ========== 3. 检测可用 IP ========== IP_LIST=() +PRIMARY_IP="" + +# 尝试获取主路由 IP (默认网关对应的 IP) if command -v ip &>/dev/null; then - for ip in $(ip -4 addr show 2>/dev/null | awk '/inet / {split($2,a,"/"); print a[1]}' | grep -v '127.0.0.1'); do - IP_LIST+=("$ip") + PRIMARY_IP=$(ip route get 1 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i=="src") print $(i+1)}') +fi + +# 获取所有物理/主要网卡 IP,过滤掉本地回环、Docker桥接、虚拟网卡等 +if command -v ip &>/dev/null; then + VALID_IPS=$(ip -4 -o addr show | grep -vE ' lo|docker[0-9]+|br-[a-z0-9]+|veth' | awk '{split($4,a,"/"); print a[1]}') + for ip in $VALID_IPS; do + if [ "$ip" != "127.0.0.1" ]; then + IP_LIST+=("$ip") + fi done elif command -v ifconfig &>/dev/null; then for ip in $(ifconfig 2>/dev/null | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1'); do 
@@ -86,6 +97,26 @@ elif command -v ifconfig &>/dev/null; then done fi +# 去重并确保 PRIMARY_IP 排在第一位 +UNIQUE_IPS=() +if [ -n "$PRIMARY_IP" ]; then + UNIQUE_IPS+=("$PRIMARY_IP") +fi + +for ip in "${IP_LIST[@]}"; do + match=false + for u_ip in "${UNIQUE_IPS[@]}"; do + if [ "$u_ip" == "$ip" ]; then + match=true + break + fi + done + if [ "$match" = false ]; then + UNIQUE_IPS+=("$ip") + fi +done +IP_LIST=("${UNIQUE_IPS[@]}") + # 地址选择函数 # 参数: $1=标题, $2=端口 # 设置 SELECTED_ADDR 和 SELECTED_CUSTOM (true=手动输入, false=列表选择) @@ -96,8 +127,12 @@ select_address() { if [ ${#IP_LIST[@]} -gt 0 ]; then # 构建带完整地址的选项列表 local opts=() - for ip in "${IP_LIST[@]}"; do - opts+=("http://$ip:$port") + for i in "${!IP_LIST[@]}"; do + if [ $i -eq 0 ] && [ -n "$PRIMARY_IP" ] && [ "${IP_LIST[$i]}" == "$PRIMARY_IP" ]; then + opts+=("http://${IP_LIST[$i]}:$port (推荐/主IP)") + else + opts+=("http://${IP_LIST[$i]}:$port") + fi done opts+=("其他 (手动输入)") @@ -118,12 +153,12 @@ select_address() { } # ========== 4. 选择 S3 访问地址 (端口 9000) ========== -select_address "请选择 S3 访问地址 - 客户端和容器均需可访问 (↑↓ 选择, 回车确认):" 9000 +select_address "请选择 S3 访问地址 - 客户端和容器均需可访问 (↑↓ 选择, 回车确认, 通常默认第一个即可):" 9000 S3_ADDR="$SELECTED_ADDR" S3_CUSTOM=$SELECTED_CUSTOM -# ========== 5. 选择 SSE MCP 访问地址 (端口 3005) ========== -select_address "请选择 SSE MCP 访问地址 - 客户端和容器均需可访问 (↑↓ 选择, 回车确认):" 3005 +# ========== 5. 选择 SSE MCP 访问地址 (端口 3003) ========== +select_address "请选择 SSE MCP 访问地址 - 客户端和容器均需可访问 (↑↓ 选择, 回车确认, 通常默认第一个即可):" 3003 MCP_ADDR="$SELECTED_ADDR" MCP_CUSTOM=$SELECTED_CUSTOM @@ -148,7 +183,7 @@ if [ -n "$MCP_ADDR" ]; then if $MCP_CUSTOM; then MCP_DISPLAY="$MCP_ADDR" else - MCP_DISPLAY="http://$MCP_ADDR:3005" + MCP_DISPLAY="http://$MCP_ADDR:3003" fi else MCP_DISPLAY="未设置" @@ -237,7 +272,7 @@ if [ -n "$MCP_ADDR" ]; then if $MCP_CUSTOM; then MCP_ENDPOINT="$MCP_ADDR" else - MCP_ENDPOINT="http://$MCP_ADDR:3005" + MCP_ENDPOINT="http://$MCP_ADDR:3003" fi if [[ "$OSTYPE" == "darwin"* ]]; then 
@@ -258,10 +293,11 @@ fi # ========== 完成 ========== echo "" echo "配置下载成功! 后续操作:" -echo " 1. 启动服务: docker compose up -d" -echo " 2. 开放端口: 3000, 9000, 3005" -echo " 3. 访问服务: http://localhost:3000" -echo " 4. 登录服务: 默认账号为 'root', 密码为: '1234'" -echo " 5. 配置模型: 在 '账号-模型提供商' 页面,进行模型配置" +echo " 1. 预热沙盒: docker compose --profile prepull pull agent-sandbox-image" +echo " 2. 启动服务: docker compose up -d" +echo " 3. 开放端口: 3000, 9000, 3003" +echo " 4. 访问服务: http://localhost:3000" +echo " 5. 登录服务: 默认账号为 'root', 密码为: '1234'" +echo " 6. 配置模型: 在 '账号-模型提供商' 页面,进行模型配置" echo "" echo "详细文档: https://doc.fastgpt.cn/docs/self-host/deploy/docker" diff --git a/projects/app/.env.template b/projects/app/.env.template index 121f68908d..e1c581b91b 100644 --- a/projects/app/.env.template +++ b/projects/app/.env.template 
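Review bot: The closing instructions tell the operator to open ports 3000, 9000 and 3003 and to log in as `root` with password `1234`, but no step says to change that password or the placeholder tokens in the downloaded compose file before exposing the service. Since the list is being renumbered in this hunk anyway, I would add a step ahead of the port line, for example `echo "  3. 安全设置: 开放端口前请修改默认密码和 compose 文件中的默认 token"`, and shift the remaining numbers. This matters more now that the compose files include services with Docker socket access.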
@@ -24,32 +24,33 @@ HIDE_CHAT_COPYRIGHT_SETTING= # PRO_URL= # 插件服务 -PLUGIN_BASE_URL=http://localhost:3003 +PLUGIN_BASE_URL=http://localhost:3004 PLUGIN_TOKEN=token # 代码沙箱服务 CODE_SANDBOX_URL=http://localhost:3002 -CODE_SANDBOX_TOKEN= +CODE_SANDBOX_TOKEN=codesandbox # AI Proxy API AIPROXY_API_ENDPOINT=https://localhost:3010 -AIPROXY_API_TOKEN=aiproxy +AIPROXY_API_TOKEN=token # Agent sandbox -AGENT_SANDBOX_PROVIDER= +AGENT_SANDBOX_PROVIDER=opensandbox # Sealos devbox AGENT_SANDBOX_SEALOS_BASEURL= AGENT_SANDBOX_SEALOS_TOKEN= # OpenSandbox 配置(PROVIDER=opensandbox 时生效) -AGENT_SANDBOX_OPENSANDBOX_BASEURL= +AGENT_SANDBOX_OPENSANDBOX_BASEURL=http://localhost:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY= AGENT_SANDBOX_OPENSANDBOX_RUNTIME=docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO=registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox -AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG=latest +AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG=v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) -AGENT_SANDBOX_ENABLE_VOLUME=false -AGENT_SANDBOX_VOLUME_MANAGER_URL= -AGENT_SANDBOX_VOLUME_MANAGER_TOKEN= +AGENT_SANDBOX_ENABLE_VOLUME=true +AGENT_SANDBOX_VOLUME_MANAGER_URL=http://localhost:3005 +AGENT_SANDBOX_VOLUME_MANAGER_TOKEN=vmtoken +AGENT_SANDBOX_VOLUME_MANAGER_MOUNT_PATH=/workspace # E2B 配置(PROVIDER=e2b 时生效) AGENT_SANDBOX_E2B_API_KEY= diff --git a/projects/app/data/config.json b/projects/app/data/config.json index b997224712..4b0c634fa0 100644 --- a/projects/app/data/config.json +++ b/projects/app/data/config.json @@ -2,7 +2,7 @@ { "feConfigs": { "lafEnv": "https://laf.dev", // laf环境。 https://laf.run (杭州阿里云) ,或者私有化的laf环境。如果使用 Laf openapi 功能,需要最新版的 laf 。 - "mcpServerProxyEndpoint": "" // mcp server 代理地址,例如: http://localhost:3005 + "mcpServerProxyEndpoint": "http://localhost:3003" // mcp server 代理地址,例如: http://localhost:3004 }, "systemEnv": { "datasetParseMaxProcess": 10, // 知识库文件解析最大线程数量 
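Review bot: This template now ships fixed, guessable secrets as working defaults: `CODE_SANDBOX_TOKEN=codesandbox`, `AIPROXY_API_TOKEN=token` and `AGENT_SANDBOX_VOLUME_MANAGER_TOKEN=vmtoken`. It also switches `AGENT_SANDBOX_ENABLE_VOLUME` to `true` and selects the `opensandbox` provider while `AGENT_SANDBOX_OPENSANDBOX_API_KEY` stays empty. Templates tend to be copied to `.env` unchanged, and the volume manager behind that token is configured with a Docker socket path (`VM_DOCKER_SOCKET` in `projects/volume-manager/src/env.ts`), so a copied default is a weak guard on a privileged service. Make the values obviously non-production, e.g. `AGENT_SANDBOX_VOLUME_MANAGER_TOKEN=change-me`, and add a comment above these blocks such as `# Local-development tokens only; replace with random values before deploying`.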
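Review bot: On the changed `mcpServerProxyEndpoint` line in `projects/app/data/config.json`, the value and the example in the trailing comment disagree. The value is `http://localhost:3003`, but the comment's example was changed to `http://localhost:3004`, which this commit assigns to `PLUGIN_BASE_URL` in `projects/app/.env.template`. Anyone following the comment would point the MCP proxy endpoint at the plugin service, so the example should read `例如: http://localhost:3003`. The endpoint was empty before; presumably a `localhost` default only works for clients on the same host, which the comment could also state.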
diff --git a/projects/app/src/pageComponents/app/detail/Edit/ChatAgent/EditForm.tsx b/projects/app/src/pageComponents/app/detail/Edit/ChatAgent/EditForm.tsx index 9b853482f8..5dcfe2495d 100644 --- a/projects/app/src/pageComponents/app/detail/Edit/ChatAgent/EditForm.tsx +++ b/projects/app/src/pageComponents/app/detail/Edit/ChatAgent/EditForm.tsx @@ -61,7 +61,7 @@ const EditForm = ({ const { t } = useTranslation(); const { feConfigs } = useSystemStore(); const { teamPlanStatus } = useUserStore(); - const enableSandbox = teamPlanStatus?.standard?.enableSandbox; + const enableSandbox = !teamPlanStatus?.standard || !!teamPlanStatus?.standard?.enableSandbox; const showSandbox = feConfigs.show_agent_sandbox; const selectDatasets = useMemo(() => appForm?.dataset?.datasets, [appForm]); diff --git a/projects/app/src/pageComponents/app/detail/Edit/SimpleApp/EditForm.tsx b/projects/app/src/pageComponents/app/detail/Edit/SimpleApp/EditForm.tsx index afda98eaa5..c50fdfd6dc 100644 --- a/projects/app/src/pageComponents/app/detail/Edit/SimpleApp/EditForm.tsx +++ b/projects/app/src/pageComponents/app/detail/Edit/SimpleApp/EditForm.tsx @@ -74,7 +74,7 @@ const EditForm = ({ const { defaultModels, feConfigs } = useSystemStore(); const showSandbox = feConfigs.show_agent_sandbox; const { teamPlanStatus } = useUserStore(); - const enableSandbox = teamPlanStatus?.standard?.enableSandbox; + const enableSandbox = !teamPlanStatus?.standard || !!teamPlanStatus?.standard?.enableSandbox; const { appDetail } = useContextSelector(AppContext, (v) => v); const selectDatasets = useMemo(() => appForm?.dataset?.datasets, [appForm]); const [, startTst] = useTransition(); diff --git a/projects/app/src/pageComponents/app/detail/WorkflowComponents/Flow/nodes/render/RenderInput/index.tsx b/projects/app/src/pageComponents/app/detail/WorkflowComponents/Flow/nodes/render/RenderInput/index.tsx index 7575192104..9f329b2d6f 100644 
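Review bot: The new `enableSandbox` expression in `ChatAgent/EditForm.tsx` fails open, because `!teamPlanStatus?.standard` is also true while `teamPlanStatus` is still `undefined` (not yet loaded, or the request failed), so the sandbox controls are enabled exactly when the plan is unknown. If the intent is that deployments without plans always allow the sandbox, that case should be distinguished from "plan not loaded" and documented with a comment such as `// no standard plan (self-hosted): sandbox is allowed`. This is UI gating only, so the entitlement must still be enforced by the server; that code is not visible here. The same line is repeated in `SimpleApp/EditForm.tsx` and `RenderInput/index.tsx`; one shared helper in the user store would keep the three copies from drifting apart. The component bodies start and end outside the hunks.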
--- a/projects/app/src/pageComponents/app/detail/WorkflowComponents/Flow/nodes/render/RenderInput/index.tsx +++ b/projects/app/src/pageComponents/app/detail/WorkflowComponents/Flow/nodes/render/RenderInput/index.tsx @@ -105,7 +105,7 @@ type Props = { const RenderInput = ({ flowInputList, nodeId, CustomComponent, mb = 5 }: Props) => { const { feConfigs } = useSystemStore(); const { teamPlanStatus } = useUserStore(); - const enableSandbox = teamPlanStatus?.standard?.enableSandbox; + const enableSandbox = !teamPlanStatus?.standard || !!teamPlanStatus?.standard?.enableSandbox; const showSandbox = feConfigs.show_agent_sandbox; const filterProInputs = useMemoEnhance(() => { diff --git a/projects/volume-manager/.env.template b/projects/volume-manager/.env.template index a0ae955a26..9922ea3a88 100644 --- a/projects/volume-manager/.env.template +++ b/projects/volume-manager/.env.template @@ -1,5 +1,5 @@ # 服务监听端口 -VM_PORT=3000 +PORT=3000 # 复制为 .env 后修改 # 鉴权 Token(必填),FastGPT 侧对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN diff --git a/projects/volume-manager/src/env.ts b/projects/volume-manager/src/env.ts index 57e072c209..713b4e5474 100644 --- a/projects/volume-manager/src/env.ts +++ b/projects/volume-manager/src/env.ts @@ -1,6 +1,7 @@ import { z } from 'zod'; const schema = z.object({ + PORT: z.coerce.number().default(3000), VM_AUTH_TOKEN: z.string().min(1), VM_RUNTIME: z.enum(['docker', 'kubernetes']).default('kubernetes'), VM_DOCKER_SOCKET: z.string().default('/var/run/docker.sock'), @@ -8,7 +9,6 @@ const schema = z.object({ VM_K8S_PVC_STORAGE_CLASS: z.string().default('standard'), VM_K8S_PVC_STORAGE_SIZE: z.string().default('1Gi'), VM_VOLUME_NAME_PREFIX: z.string().default('fastgpt-session'), - VM_PORT: z.coerce.number().default(3001), VM_LOG_LEVEL: z.enum(['debug', 'info', 'none']).default('info') }); diff --git a/projects/volume-manager/src/index.ts b/projects/volume-manager/src/index.ts index d2d2444b13..de70644297 100644 --- a/projects/volume-manager/src/index.ts 
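Review bot: In `projects/volume-manager/src/env.ts`, `PORT: z.coerce.number().default(3000)` accepts any number, including fractions, negatives and values above 65535, and the result is passed straight to `Bun.serve` in `index.ts`. `PORT: z.coerce.number().int().min(1).max(65535).default(3000)` rejects such values during env validation instead. The second hunk also drops `VM_PORT` without a fallback and the default moves from 3001 to 3000, so an existing deployment that sets `VM_PORT` will silently listen on 3000. An upgrade note or a temporary fallback to the old variable would avoid that. `PORT` is also a generic name that other tooling in the same environment may already set, which matters for a service configured with a Docker socket path.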
+++ b/projects/volume-manager/src/index.ts @@ -27,7 +27,7 @@ app.use('/v1/*', async (c, next) => { app.route('/v1/volumes', volumeRoutes(service)); const server = Bun.serve({ - port: env.VM_PORT, + port: env.PORT, fetch: app.fetch });