docker

deploy/docker/global/docker-compose.milvus.yml

@@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx'
 x-plugin-auth-token: &x-plugin-auth-token 'token'
 # code sandbox token
 x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
+# volume manager auth token
+x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -234,6 +236,19 @@ services:
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== Agent sandbox 配置 ====================
+      AGENT_SANDBOX_PROVIDER: opensandbox
+      # OpenSandbox 配置（PROVIDER: opensandbox 时生效）
+      AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090
+      AGENT_SANDBOX_OPENSANDBOX_API_KEY:
+      AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker
+      AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox
+      AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest
+      # Volume 持久化配置（opensandbox provider 下可选）
+      AGENT_SANDBOX_ENABLE_VOLUME: true
+      AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001
+      AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token
+
       # ==================== 日志与监控 ====================
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
@@ -342,6 +357,54 @@ services:
       interval: 30s
       timeout: 20s
       retries: 3
+
+  # 沙盒控制器：管理 Docker 容器的创建/执行/停止/删除
+  # runtime=docker 模式需要挂载 Docker socket
+  # 配置 docker.host_ip 为宿主机 LAN IP（容器内访问宿主机服务用）
+  opensandbox-server:
+    image: opensandbox/server:v0.1.9
+    container_name: opensandbox-server
+    restart: always
+    networks:
+      - fastgpt
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载
+    configs:
+      - source: opensandbox-config
+        target: /etc/opensandbox/config.toml
+    environment:
+      - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:8090/health']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+  # 卷管理微服务：负责幂等创建/删除 Docker named volume 或 k8s PVC
+  volume-manager:
+    image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1
+    container_name: volume-manager
+    restart: always
+    networks:
+      - fastgpt
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载（只读即可）
+    environment:
+      - VM_RUNTIME=docker
+      - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN
+      - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀
+      - VM_LOG_LEVEL=info
+    healthcheck:
+      test:
+        [
+          'CMD',
+          'bun',
+          '-e',
+          "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })"
+        ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
   # AI Proxy
   aiproxy:
     image: ghcr.io/labring/aiproxy:v0.3.5
@@ -394,3 +457,23 @@ networks:
   aiproxy:
   vector:
 
+configs:
+  opensandbox-config:
+    content: |
+      [server]
+      host = "0.0.0.0"
+      port = 8090
+      log_level = "INFO"
+
+      [runtime]
+      type = "docker"
+       execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6"
+
+      [egress]
+      image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1"
+
+      [docker]
+      network_mode = "bridge"
+      # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname
+      # macOS/Windows: host.docker.internal；Linux: 宿主机 LAN IP（如 192.168.1.100）
+      host_ip = "host.docker.internal"