singularity-forge/docker/docker-compose.full.yaml

services:
  gsd:
    build:
      context: .                        # Build context is the docker/ directory
      dockerfile: Dockerfile.sandbox    # Runtime sandbox image with entrypoint
      args:
        SF_VERSION: latest             # Pin a specific version: SF_VERSION=2.51.0

    container_name: gsd-sandbox

    ports:
      - "3000:3000"                     # SF web UI

    volumes:
      - ../:/workspace                  # Project root mounted into the container
      - gsd-state:/home/gsd/.gsd        # Persistent SF state across restarts
      # - ~/.ssh:/home/gsd/.ssh:ro      # SSH keys for git operations (read-only)
      # - ~/.gitconfig:/home/gsd/.gitconfig:ro  # Host git config

    env_file:
      - .env                            # API keys and secrets (see .env.example)

    environment:
      - NODE_ENV=development
      # UID/GID remapping — match your host user to avoid permission issues
      # on bind-mounted volumes. The entrypoint remaps the container's gsd
      # user to these IDs at startup. Run `id -u` / `id -g` to find yours.
      - PUID=1000
      - PGID=1000
      # Git identity inside the container (overrides .env if set here)
      # - GIT_AUTHOR_NAME=Your Name
      # - GIT_AUTHOR_EMAIL=you@example.com

    stdin_open: true                    # Keep stdin open for interactive use
    tty: true                           # Allocate a pseudo-TTY

    # Health check — verify SF is installed and responsive
    healthcheck:
      test: ["CMD", "gsd", "--version"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

    # Resource limits — uncomment to constrain container resources
    # deploy:
    #   resources:
    #     limits:
    #       cpus: "4.0"
    #       memory: 8G
    #     reservations:
    #       cpus: "1.0"
    #       memory: 2G

    # Network mode — uncomment ONE if you need host networking
    # network_mode: host               # Full host network access (no port mapping needed)
    # network_mode: bridge             # Default Docker bridge (already the default)

volumes:
  gsd-state:
    driver: local
fix(docker): overhaul fragile setup, adopt proven container patterns (#2716) Split fake multi-stage Dockerfile into independent CI builder and runtime images. Add proper entrypoint with UID/GID remapping via PUID/PGID, sentinel-based first-boot bootstrap, pre-creation of critical file targets, and signal-forwarding privilege drop via gosu. Standardize on Node 24, split compose into minimal + full reference. Closes #9 2026-03-26 18:10:49 -04:00			`services:`
			`gsd:`
			`build:`
			`context: . # Build context is the docker/ directory`
			`dockerfile: Dockerfile.sandbox # Runtime sandbox image with entrypoint`
			`args:`
chore: sync workspace state after rebrand - Rebrand commits already in history (gsd → forge) - Sync pre-existing doc, docker, and CI config updates - All rebrand artifacts verified in place: * Native crates: forge-engine, forge-ast, forge-grep * Log prefixes: [forge] across 22+ files * Binary: ~/bin/sf-run * Workspace scopes: @sf-run/, @singularity-forge/ * Nix flake: Rust toolchain ready System ready for: nix develop && bun run build:native Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-15 14:54:20 +02:00			`SF_VERSION: latest # Pin a specific version: SF_VERSION=2.51.0`
fix(docker): overhaul fragile setup, adopt proven container patterns (#2716) Split fake multi-stage Dockerfile into independent CI builder and runtime images. Add proper entrypoint with UID/GID remapping via PUID/PGID, sentinel-based first-boot bootstrap, pre-creation of critical file targets, and signal-forwarding privilege drop via gosu. Standardize on Node 24, split compose into minimal + full reference. Closes #9 2026-03-26 18:10:49 -04:00
			`container_name: gsd-sandbox`

			`ports:`
chore: sync workspace state after rebrand - Rebrand commits already in history (gsd → forge) - Sync pre-existing doc, docker, and CI config updates - All rebrand artifacts verified in place: * Native crates: forge-engine, forge-ast, forge-grep * Log prefixes: [forge] across 22+ files * Binary: ~/bin/sf-run * Workspace scopes: @sf-run/, @singularity-forge/ * Nix flake: Rust toolchain ready System ready for: nix develop && bun run build:native Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-15 14:54:20 +02:00			`- "3000:3000" # SF web UI`
fix(docker): overhaul fragile setup, adopt proven container patterns (#2716) Split fake multi-stage Dockerfile into independent CI builder and runtime images. Add proper entrypoint with UID/GID remapping via PUID/PGID, sentinel-based first-boot bootstrap, pre-creation of critical file targets, and signal-forwarding privilege drop via gosu. Standardize on Node 24, split compose into minimal + full reference. Closes #9 2026-03-26 18:10:49 -04:00
			`volumes:`
			`- ../:/workspace # Project root mounted into the container`
chore: sync workspace state after rebrand - Rebrand commits already in history (gsd → forge) - Sync pre-existing doc, docker, and CI config updates - All rebrand artifacts verified in place: * Native crates: forge-engine, forge-ast, forge-grep * Log prefixes: [forge] across 22+ files * Binary: ~/bin/sf-run * Workspace scopes: @sf-run/, @singularity-forge/ * Nix flake: Rust toolchain ready System ready for: nix develop && bun run build:native Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-15 14:54:20 +02:00			`- gsd-state:/home/gsd/.gsd # Persistent SF state across restarts`
fix(docker): overhaul fragile setup, adopt proven container patterns (#2716) Split fake multi-stage Dockerfile into independent CI builder and runtime images. Add proper entrypoint with UID/GID remapping via PUID/PGID, sentinel-based first-boot bootstrap, pre-creation of critical file targets, and signal-forwarding privilege drop via gosu. Standardize on Node 24, split compose into minimal + full reference. Closes #9 2026-03-26 18:10:49 -04:00			`# - ~/.ssh:/home/gsd/.ssh:ro # SSH keys for git operations (read-only)`
			`# - ~/.gitconfig:/home/gsd/.gitconfig:ro # Host git config`

			`env_file:`
			`- .env # API keys and secrets (see .env.example)`

			`environment:`
			`- NODE_ENV=development`
			`# UID/GID remapping — match your host user to avoid permission issues`
			`# on bind-mounted volumes. The entrypoint remaps the container's gsd`
			# user to these IDs at startup. Run `id -u` / `id -g` to find yours.
			`- PUID=1000`
			`- PGID=1000`
			`# Git identity inside the container (overrides .env if set here)`
			`# - GIT_AUTHOR_NAME=Your Name`
			`# - GIT_AUTHOR_EMAIL=you@example.com`

			`stdin_open: true # Keep stdin open for interactive use`
			`tty: true # Allocate a pseudo-TTY`

chore: sync workspace state after rebrand - Rebrand commits already in history (gsd → forge) - Sync pre-existing doc, docker, and CI config updates - All rebrand artifacts verified in place: * Native crates: forge-engine, forge-ast, forge-grep * Log prefixes: [forge] across 22+ files * Binary: ~/bin/sf-run * Workspace scopes: @sf-run/, @singularity-forge/ * Nix flake: Rust toolchain ready System ready for: nix develop && bun run build:native Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-15 14:54:20 +02:00			`# Health check — verify SF is installed and responsive`
fix(docker): overhaul fragile setup, adopt proven container patterns (#2716) Split fake multi-stage Dockerfile into independent CI builder and runtime images. Add proper entrypoint with UID/GID remapping via PUID/PGID, sentinel-based first-boot bootstrap, pre-creation of critical file targets, and signal-forwarding privilege drop via gosu. Standardize on Node 24, split compose into minimal + full reference. Closes #9 2026-03-26 18:10:49 -04:00			`healthcheck:`
			`test: ["CMD", "gsd", "--version"]`
			`interval: 30s`
			`timeout: 5s`
			`retries: 3`
			`start_period: 10s`

			`# Resource limits — uncomment to constrain container resources`
			`# deploy:`
			`# resources:`
			`# limits:`
			`# cpus: "4.0"`
			`# memory: 8G`
			`# reservations:`
			`# cpus: "1.0"`
			`# memory: 2G`

			`# Network mode — uncomment ONE if you need host networking`
			`# network_mode: host # Full host network access (no port mapping needed)`
			`# network_mode: bridge # Default Docker bridge (already the default)`

			`volumes:`
			`gsd-state:`
			`driver: local`