# Dockerfile.bundle - All-in-one Fortémi with embedded PostgreSQL + MCP
#
# Usage:
# docker build -f Dockerfile.bundle -t fortemi:bundle .
# docker run -d -p 3000:3000 -p 3001:3001 -v fortemi-data:/var/lib/postgresql/data fortemi:bundle
#
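# Build stage for Rust API.
# Everything installed here (toolchain, headers, pkg-config) stays in this
# stage; only the two compiled binaries are copied into the runtime stage.
# NOTE(review): rust:slim-bookworm floats on the Rust toolchain version; pin a
# specific release (or a digest) once the project's minimum toolchain is
# settled so rebuilds are reproducible.
FROM rust:slim-bookworm AS builder
ARG VERSION=dev
ARG GIT_SHA=unknown
ARG BUILD_DATE=unknown
# cargo parallelism; lower it on memory-constrained build hosts.
ARG CARGO_BUILD_JOBS=8
WORKDIR /app
# Build-time deps. pkg-config + libssl-dev serve crates that link OpenSSL;
# the list is sorted and the apt cache removed in the same layer.
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        libssl-dev \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*
# Manifests and lockfile first, then sources.
COPY Cargo.toml Cargo.lock ./
COPY crates ./crates
# Migrations are copied before the build; presumably a crate embeds or checks
# them at compile time — confirm against the crates' build scripts.
COPY migrations ./migrations
# Version metadata exported to the build; the runtime stage sets the same
# three variables so the running binary and the image labels agree.
ENV MATRIC_VERSION=${VERSION} \
    MATRIC_GIT_SHA=${GIT_SHA} \
    MATRIC_BUILD_DATE=${BUILD_DATE}
# Build the API server and the matric-crypto package (which yields matric-pke),
# then copy the two binaries to fixed paths for the runtime stage's COPY --from.
RUN cargo build --release --jobs ${CARGO_BUILD_JOBS} --package matric-api --package matric-crypto \
    && cp target/release/matric-api /app/matric-api \
    && cp target/release/matric-pke /app/matric-pke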
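# Runtime stage - based on pgvector image for PostgreSQL + pgvector.
# NOTE(review): pgvector/pgvector:pg18 floats on the PostgreSQL minor version
# and the pgvector release; pin a digest for reproducible production builds.
FROM pgvector/pgvector:pg18 AS runtime
ARG VERSION=dev
ARG GIT_SHA=unknown
ARG BUILD_DATE=unknown
# Optional component flags — set to "false" to disable.
# Auto-detected by platform where applicable, or override explicitly.
# Declared once, with defaults, at the top of the stage: a stage-scoped ARG is
# in scope for every later instruction, so they are not redeclared before the
# RUN steps that read them (a bare `ARG NAME` redeclaration without a default
# may shadow the default on some builders, silently disabling the component).
ARG ENABLE_OPEN3D=auto
ARG ENABLE_POSTGIS=true
ARG ENABLE_OCR=true
ARG ENABLE_FFMPEG=true
LABEL org.opencontainers.image.title="fortemi-bundle" \
      org.opencontainers.image.description="AI-enhanced knowledge base - all-in-one with PostgreSQL and MCP" \
      org.opencontainers.image.version="${VERSION}" \
      org.opencontainers.image.revision="${GIT_SHA}" \
      org.opencontainers.image.created="${BUILD_DATE}"
# Runtime dependencies for matric-api (libssl3, CA bundle), the tools the
# Node.js setup below needs (curl, gnupg), and core document extraction.
# curl is also used by the HEALTHCHECK.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        gnupg \
        libssl3 \
        # Core extraction (always available)
        poppler-utils \
    && rm -rf /var/lib/apt/lists/*
# Optional: OCR (tesseract + pandoc)
RUN if [ "$ENABLE_OCR" = "true" ]; then \
        apt-get update && apt-get install -y --no-install-recommends \
            pandoc tesseract-ocr tesseract-ocr-eng \
        && rm -rf /var/lib/apt/lists/*; \
    else echo "OCR disabled"; fi
# Optional: FFmpeg (video/audio extraction)
RUN if [ "$ENABLE_FFMPEG" = "true" ]; then \
        apt-get update && apt-get install -y --no-install-recommends ffmpeg \
        && rm -rf /var/lib/apt/lists/*; \
    else echo "FFmpeg disabled"; fi
# Optional: PostGIS (spatial/geographic queries)
RUN if [ "$ENABLE_POSTGIS" = "true" ]; then \
        apt-get update && apt-get install -y --no-install-recommends \
            postgresql-18-postgis-3 postgresql-18-postgis-3-scripts \
        && rm -rf /var/lib/apt/lists/*; \
    else echo "PostGIS disabled"; fi
# Node.js for MCP server (always required).
# The NodeSource signing key is downloaded to a file and dearmored in a second
# step: with `curl | gpg` under /bin/sh a failed download is masked by the
# pipe and leaves an empty keyring. apt then verifies every package from the
# repository against this key via signed-by. A separate `apt-get update`
# before the repository is added is unnecessary, so it is done once after.
RUN mkdir -p /etc/apt/keyrings \
    && curl -fsSL -o /tmp/nodesource.gpg.key https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
    && gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg /tmp/nodesource.gpg.key \
    && rm -f /tmp/nodesource.gpg.key \
    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" > /etc/apt/sources.list.d/nodesource.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends nodejs \
    && rm -rf /var/lib/apt/lists/*
# Create app directory
WORKDIR /app
# Copy binaries from builder
COPY --from=builder /app/matric-api /app/matric-api
COPY --from=builder /app/matric-pke /usr/local/bin/matric-pke
# Copy migrations (applied by the entrypoint at start-up, per the ENTRYPOINT
# comment below)
COPY migrations /app/migrations
# Copy MCP server
COPY mcp-server /app/mcp-server
# Install MCP server dependencies: production deps only, from the lockfile,
# and drop npm's download cache so it does not persist in the layer.
WORKDIR /app/mcp-server
RUN npm ci --omit=dev && npm cache clean --force
# Optional: Open3D 3D renderer for GLB/GLTF/OBJ/STL multi-view extraction
# Auto-disables on arm64 (no wheel available). Set ENABLE_OPEN3D=false to skip on any platform.
# When enabled this installs the Mesa/EGL runtime, registers an NVIDIA EGL
# vendor ICD (presumably so a GPU can be used when one is passed to the
# container; Mesa is the fallback otherwise) and installs the renderer's
# Python requirements into the system interpreter (hence
# --break-system-packages). NOTE(review): check that requirements.txt pins
# versions (ideally with hashes) so this layer is reproducible.
COPY docker/open3d-renderer /app/open3d-renderer
RUN ARCH=$(dpkg --print-architecture) && \
    if [ "$ENABLE_OPEN3D" = "false" ]; then \
        echo "Open3D disabled by build arg"; \
    elif [ "$ENABLE_OPEN3D" = "auto" ] && [ "$ARCH" != "amd64" ]; then \
        echo "Open3D auto-disabled on $ARCH (no arm64 wheel)"; \
    else \
        apt-get update && apt-get install -y --no-install-recommends \
            libegl1 libgl1 libglu1-mesa libgomp1 libosmesa6 python3-pip \
        && rm -rf /var/lib/apt/lists/* \
        && mkdir -p /usr/share/glvnd/egl_vendor.d \
        && printf '{\n "file_format_version": "1.0.0",\n "ICD": {\n "library_path": "libEGL_nvidia.so.0"\n }\n}\n' \
            > /usr/share/glvnd/egl_vendor.d/10_nvidia.json \
        && pip3 install --no-cache-dir --break-system-packages \
            -r /app/open3d-renderer/requirements.txt \
        && echo "Open3D installed on $ARCH"; \
    fi
WORKDIR /app
# Copy seed data for support archive (fortemi-docs)
COPY docker/seed-data /app/seed-data
# Copy entrypoint and seed scripts
COPY docker/bundle-entrypoint.sh /app/entrypoint.sh
COPY docker/seed-support-archive.sh /app/seed-support-archive.sh
RUN chmod +x /app/entrypoint.sh /app/seed-support-archive.sh
# Version environment variables (same values the builder stage exported)
ENV MATRIC_VERSION=${VERSION} \
    MATRIC_GIT_SHA=${GIT_SHA} \
    MATRIC_BUILD_DATE=${BUILD_DATE}
# =============================================================================
# PostgreSQL environment
# =============================================================================
# These are development defaults baked into the image and visible to anyone
# who can read it. For any non-local deployment override POSTGRES_PASSWORD
# *and* DATABASE_URL together at `docker run` time (the password is applied
# when the data volume is first initialised). Port 5432 is deliberately not
# EXPOSEd: the database is reached only by the API inside the container.
ENV POSTGRES_USER=matric \
    POSTGRES_PASSWORD=matric \
    POSTGRES_DB=matric \
    PGDATA=/var/lib/postgresql/data
# =============================================================================
# Matric API environment
# =============================================================================
ENV DATABASE_URL=postgres://matric:matric@localhost:5432/matric \
    HOST=0.0.0.0 \
    PORT=3000 \
    RUST_LOG=info
# OAuth/Auth - Set ISSUER_URL to your external URL for OAuth discovery
# ENV ISSUER_URL=https://memory.example.com
# OAuth token lifetime (seconds, default: 3600 = 1 hour)
# ENV OAUTH_TOKEN_LIFETIME_SECS=3600
# MCP token lifetime (seconds, default: 14400 = 4 hours)
# ENV OAUTH_MCP_TOKEN_LIFETIME_SECS=14400
# Rate limiting — off by default in the bundle (development/testing default).
# Set RATE_LIMIT_ENABLED=true, with the two settings below, for any instance
# reachable from untrusted networks.
ENV RATE_LIMIT_ENABLED=false
# ENV RATE_LIMIT_REQUESTS=100
# ENV RATE_LIMIT_PERIOD_SECS=60
# Redis cache — disabled in bundle (no Redis sidecar). Enable via
# docker-compose with a Redis service or set REDIS_ENABLED=true + REDIS_URL.
ENV REDIS_ENABLED=false
# Full-text search: enable multilingual, emoji, and CJK support
ENV FTS_SCRIPT_DETECTION=true \
    FTS_TRIGRAM_FALLBACK=true \
    FTS_BIGRAM_CJK=true \
    FTS_MULTILINGUAL_CONFIGS=true
# Logging
# ENV LOG_FORMAT=json
# ENV LOG_FILE=/var/log/matric/api.log
# ENV LOG_ANSI=false
# Background worker (enabled by default)
# ENV WORKER_ENABLED=true
# =============================================================================
# 3D Model Renderer (Open3D)
# =============================================================================
# Internal renderer URL - points to the bundled Open3D renderer. Port 8080 is
# container-internal and is not EXPOSEd.
ENV RENDERER_URL=http://localhost:8080 \
    RENDERER_PORT=8080
# Backup configuration
# ENV BACKUP_DEST=/var/backups/matric-memory
# ENV BACKUP_SCRIPT_PATH=/app/scripts/backup.sh
# =============================================================================
# Ollama (local LLM) configuration - for embeddings and generation
# =============================================================================
# ENV OLLAMA_BASE=http://localhost:11434
# ENV OLLAMA_HOST=http://localhost:11434
# ENV OLLAMA_EMBED_MODEL=nomic-embed-text
# ENV OLLAMA_GEN_MODEL=llama3.2
# ENV OLLAMA_EMBED_DIM=768
# =============================================================================
# OpenAI configuration - alternative to Ollama
# =============================================================================
# Pass OPENAI_API_KEY at run time (env file or secret); never bake it into
# the image with ENV or ARG, where it would be visible in `docker history`.
# ENV OPENAI_BASE_URL=https://api.openai.com/v1
# ENV OPENAI_API_KEY=sk-xxx
# ENV OPENAI_EMBED_MODEL=text-embedding-3-small
# ENV OPENAI_GEN_MODEL=gpt-4o-mini
# ENV OPENAI_EMBED_DIM=1536
# ENV OPENAI_TIMEOUT=30
# ENV OPENAI_SKIP_TLS_VERIFY=false
# =============================================================================
# MCP Server environment
# =============================================================================
ENV MCP_TRANSPORT=http \
    MCP_PORT=3001 \
    MATRIC_API_URL=http://localhost:3000
# MCP_BASE_URL should be set to external URL (e.g., https://memory.example.com/mcp)
# ENV MCP_BASE_URL=https://memory.example.com/mcp
# MCP OAuth client credentials (required for token introspection)
# Register a client via POST /oauth/register then set these at run time
# (same rule as OPENAI_API_KEY: not in the image)
# ENV MCP_CLIENT_ID=mm_xxx
# ENV MCP_CLIENT_SECRET=xxx
# Expose API and MCP ports
EXPOSE 3000 3001
# Health check against the API (curl is installed above). The long
# start-period covers PostgreSQL init and migrations on first boot.
HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
    CMD curl -fsS http://localhost:3000/health || exit 1
# Data volumes for persistence. /var/lib/matric/files is not created in this
# Dockerfile; presumably the entrypoint creates and chowns it — confirm.
VOLUME ["/var/lib/postgresql/data", "/var/lib/matric/files"]
# Use custom entrypoint that starts PostgreSQL, runs migrations, then starts API + MCP.
# There is no USER switch: the stage ends as root, presumably because the
# entrypoint has to start PostgreSQL and prepare the volumes. NOTE(review):
# confirm in docker/bundle-entrypoint.sh that the API and MCP processes are
# dropped to an unprivileged user after that setup; if not, that is the
# single most valuable hardening change for this image.
ENTRYPOINT ["/app/entrypoint.sh"]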