Yash030 commited on
Commit
c1c78f1
·
1 Parent(s): dd8819e

refactor: use official iii binary, pinned versions, HMAC secret, tini init

  1. Dockerfile +99 -19
  2. start.sh +30 -18
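--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +1,114 @@
-FROM node:20-bookworm
+ARG III_VERSION=0.11.2
 
-# Install Caddy + Python (for huggingface_hub CLI)
-RUN apt-get update && apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl unzip python3 python3-pip \
-&& curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg \
-&& curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list \
+# Pull the official iii engine binary
+FROM iiidev/iii:${III_VERSION} AS iii-image
+
+FROM node:22-slim
+
+ARG AGENTMEMORY_VERSION=0.9.21
+ARG III_VERSION=0.11.2
+ARG III_SDK_VERSION=0.11.2
+
+# Install Caddy + runtime deps
+RUN apt-get update \
+&& apt-get install -y --no-install-recommends \
+debian-keyring debian-archive-keyring apt-transport-https \
+curl openssl ca-certificates tini gosu python3 python3-pip \
+&& curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
+| gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg \
+&& curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
+| tee /etc/apt/sources.list.d/caddy-stable.list \
 && apt-get update && apt-get install -y caddy \
 && pip3 install --break-system-packages huggingface_hub \
-&& apt-get clean && rm -rf /var/lib/apt/lists/*
+&& rm -rf /var/lib/apt/lists/*
 
-# Set up user and environment
-RUN userdel -r node && useradd -m -u 1000 user
-WORKDIR /app
+# Copy iii binary from official image (avoids re-downloading on every boot)
+COPY --from=iii-image /app/iii /usr/local/bin/iii
+
+# Set up HF Spaces user (uid 1000 required)
+RUN userdel -r node 2>/dev/null || true \
+&& useradd -m -u 1000 user
 
-# Install agentmemory dependencies
-COPY package.json /app/
-RUN npm install
+# Install agentmemory with pinned iii-sdk to match engine version
+WORKDIR /opt/agentmemory
+RUN printf '{"name":"agentmemory-deploy","version":"1.0.0","private":true,"overrides":{"iii-sdk":"%s"}}\n' \
+"${III_SDK_VERSION}" > package.json \
+&& npm install "@agentmemory/agentmemory@${AGENTMEMORY_VERSION}" \
+--omit=optional --no-fund --no-audit \
+&& ln -s /opt/agentmemory/node_modules/.bin/agentmemory /usr/local/bin/agentmemory
 
-# Set permissions
-RUN chown -R user:user /app
+# Override iii-config.yaml at build time:
+# - bind 0.0.0.0 (not 127.0.0.1) so Caddy can reach it
+# - use absolute /home/user/.agentmemory paths so data lands in our sync dir
+RUN cat > /opt/agentmemory/node_modules/@agentmemory/agentmemory/dist/iii-config.yaml <<'EOF'
+workers:
+- name: iii-http
+config:
+port: 3111
+host: 0.0.0.0
+default_timeout: 180000
+cors:
+allowed_origins:
+- "http://localhost:3111"
+- "http://localhost:3113"
+- "http://127.0.0.1:3111"
+- "http://127.0.0.1:3113"
+allowed_methods: [GET, POST, PUT, DELETE, OPTIONS]
+- name: iii-state
+config:
+adapter:
+name: kv
+config:
+store_method: file_based
+file_path: /home/user/.agentmemory/state_store.db
+- name: iii-queue
+config:
+adapter:
+name: builtin
+- name: iii-pubsub
+config:
+adapter:
+name: local
+- name: iii-cron
+config:
+adapter:
+name: kv
+- name: iii-stream
+config:
+port: 3112
+host: 0.0.0.0
+adapter:
+name: kv
+config:
+store_method: file_based
+file_path: /home/user/.agentmemory/stream_store
+- name: iii-observability
+config:
+enabled: true
+service_name: agentmemory
+exporter: memory
+sampling_ratio: 1.0
+metrics_enabled: true
+logs_enabled: true
+logs_console_output: true
+EOF
+
+# Give user 1000 ownership of everything it needs to write at runtime
+RUN chown -R user:user /opt/agentmemory /home/user
+
+ENV TINI_SUBREAPER=1 \
+HOME=/home/user
+
+WORKDIR /app
+RUN chown user:user /app
 
-# Switch to non-root user
 USER user
-ENV HOME=/app
 
-# Copy Caddyfile and startup script
 COPY --chown=user:user Caddyfile /app/Caddyfile
 COPY --chown=user:user start.sh /app/start.sh
+COPY --chown=user:user sync.py /app/sync.py
 RUN chmod +x /app/start.sh
 
-# Expose HF default port
 EXPOSE 7860
 
-CMD ["/app/start.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/app/start.sh"]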
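Review bot: The generated iii-config.yaml binds both listeners to every interface (`host: 0.0.0.0` under iii-http on port 3111 and under iii-stream on port 3112), yet start.sh launches the engine and Caddy in the same container and itself uses `http://localhost:3111`, so loopback should already be reachable from Caddy. Binding to all interfaces lets anything that can reach the container network talk to the engine directly, bypassing the proxy on 7860 and any access control placed there. The Caddyfile is not part of this commit, so confirm its upstream address; if it proxies to localhost, use `host: 127.0.0.1` for both workers and correct the comment above the heredoc. Separately, the title says pinned versions, but `pip3 install --break-system-packages huggingface_hub` and `apt-get install -y caddy` remain unpinned and the `npm install` runs without a lockfile, so transitive dependencies still float between builds.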
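--- a/start.sh
+++ b/start.sh
@@ -1,16 +1,18 @@
 #!/bin/bash
+set -e
 
-# Create config folder
-mkdir -p ~/.agentmemory
+# Create agentmemory data dir
+mkdir -p /home/user/.agentmemory
 
 # =============================================================================
 # Persistent storage via HF Dataset repo (free)
-# Set AGENTMEMORY_DATASET_REPO in Space secrets (default: Yashwant00CR7/agentmemory-data)
-# Set HF_TOKEN in Space secrets with write access to that dataset repo
+# Secrets to set in HF Space settings:
+# HF_TOKEN write access to the dataset repo
+# GEMINI_API_KEY — powers graph, embeddings, compression, crystals
+# AGENTMEMORY_DATASET_REPO — optional override (default: Yash030/agentmemory-data)
 # =============================================================================
 export AGENTMEMORY_DATASET_REPO="${AGENTMEMORY_DATASET_REPO:-Yash030/agentmemory-data}"
 
-# Restore DB from HF Dataset on startup
 echo "[start] Restoring data from HF Dataset..."
 python3 /app/sync.py restore
 
@@ -22,23 +24,33 @@ python3 /app/sync.py restore
 done
 ) &
 
-# The daemon runs inside the Space and must talk to its own services on local
-# container ports. Use the public hf.space URL only from your local machine.
+# Internal service URLs (daemon talks to itself on localhost)
 export AGENTMEMORY_URL=http://localhost:3111
 export III_ENGINE_URL=ws://localhost:49134
 
-# Hugging Face proxies requests with the public *.hf.space host. agentmemory's
-# viewer rejects unknown Host headers unless they are explicitly allowed.
+# Allow HF Space's public host through the viewer's host check
 if [ -n "${SPACE_HOST}" ]; then
 export VIEWER_ALLOWED_HOSTS="${VIEWER_ALLOWED_HOSTS:-${SPACE_HOST},${SPACE_HOST}:443,${SPACE_HOST}:7860}"
 export VIEWER_ALLOWED_ORIGINS="${VIEWER_ALLOWED_ORIGINS:-https://${SPACE_HOST},http://${SPACE_HOST},http://localhost:3111,http://localhost:3113,http://127.0.0.1:3111,http://127.0.0.1:3113}"
 fi
 
-# Dynamically write env config from environment variables
-cat <<EOF > ~/.agentmemory/.env
-# =============================================================================
-# agentmemory configuration (Hugging Face Spaces)
-# =============================================================================
+# Generate HMAC secret on first boot, persist it so it survives dataset restore
+HMAC_FILE="/home/user/.agentmemory/.hmac"
+if [ ! -s "$HMAC_FILE" ]; then
+SECRET="$(openssl rand -hex 32)"
+printf '%s\n' "$SECRET" > "$HMAC_FILE"
+chmod 600 "$HMAC_FILE"
+echo "================================================================"
+echo "agentmemory: generated HMAC secret on first boot"
+echo "AGENTMEMORY_SECRET=$SECRET"
+echo "Copy this to your Space secrets as AGENTMEMORY_SECRET."
+echo "It will not be printed again."
+echo "================================================================"
+fi
+export AGENTMEMORY_SECRET="${AGENTMEMORY_SECRET:-$(cat "$HMAC_FILE")}"
+
+# Write .env config for the daemon
+cat > /home/user/.agentmemory/.env <<EOF
 GEMINI_API_KEY=${GEMINI_API_KEY}
 AGENTMEMORY_SECRET=${AGENTMEMORY_SECRET}
 AGENTMEMORY_URL=${AGENTMEMORY_URL}
@@ -53,11 +65,11 @@ VIEWER_ALLOWED_HOSTS=${VIEWER_ALLOWED_HOSTS}
 VIEWER_ALLOWED_ORIGINS=${VIEWER_ALLOWED_ORIGINS}
 EOF
 
-# Start agentmemory daemon in the background
-npx @agentmemory/agentmemory &
+# Start agentmemory daemon (installed binary, not npx)
+agentmemory &
 
-# Wait for boot
+# Wait for daemon to be ready
 sleep 5
 
-# Start Caddy reverse proxy
+# Start Caddy reverse proxy (serves everything on port 7860)
 caddy run --config /app/Caddyfile --adapter caddyfile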
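Review bot: The first-boot branch prints the freshly generated key with `echo "AGENTMEMORY_SECRET=$SECRET"`, so the HMAC secret lands in the Space's container logs and stays readable to anyone with log access for as long as those logs are kept. Prefer requiring AGENTMEMORY_SECRET as a Space secret up front, or at least drop that echo line. The file should also be created with restrictive permissions from the start rather than chmod-ed afterwards, e.g. `( umask 077; openssl rand -hex 32 > "$HMAC_FILE" )`. The `.hmac` and `.env` files both live in /home/user/.agentmemory, which the Dockerfile comment calls the sync dir; sync.py is not shown here, so confirm it excludes both from uploads to the dataset repo, and note that `.env` is written with the default umask.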