docker-compose.yml

# ==============================================================================
# OpenClaw Docker Compose Development Environment
# ==============================================================================
# ⚠️  首次使用: 复制 .env.example 为 .env，或运行 ./docker-setup.sh
# ==============================================================================
# Quick Start:
#   ./docker-setup.sh                                 # 启动服务
#   docker compose logs -f                              # 查看日志
#   docker compose down                                # 停止服务
#
# Key Features:
#   - Claude Code CLI 内置
#   - 代理配置 (访问 Google/Claude API)
#   - Go/TypeScript/Python 开发环境
#   - 浏览器自动化 (Playwright)
#   - Office 文件处理 (pandoc + LaTeX)
# ==============================================================================

# ------------------------------------------------------------------------------
# YAML Anchors for DRY Configuration
# ------------------------------------------------------------------------------
x-openclaw-common: &openclaw-common
  image: ${OPENCLAW_IMAGE:-openclaw}
  environment: &common-env
    HOST_UID: ${HOST_UID:-1000}
    # ─────────────────────────────────────────────────────────────────
    # Proxy Configuration
    # ─────────────────────────────────────────────────────────────────
    # Required for accessing Google and Claude API from restricted network environments
    # Ports: 7897 (HTTP proxy), 15721 (Claude API proxy)
    # ─────────────────────────────────────────────────────────────────
    HTTP_PROXY: ${HTTP_PROXY:-}
    HTTPS_PROXY: ${HTTPS_PROXY:-}
    NO_PROXY: localhost,127.0.0.1,host.docker.internal,.local,.internal
    # ─────────────────────────────────────────────────────────────────
    # Claude API Configuration
    # ─────────────────────────────────────────────────────────────────
    ANTHROPIC_AUTH_TOKEN: ${ANTHROPIC_AUTH_TOKEN:-}
    ANTHROPIC_BASE_URL: ${ANTHROPIC_BASE_URL:-}
    API_TIMEOUT_MS: "3000000"
    CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1"
    CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS: "1"
    # ─────────────────────────────────────────────────────────────────
    # Runtime Configuration
    # ─────────────────────────────────────────────────────────────────
    TZ: ${TZ:-Asia/Shanghai}
    PLAYWRIGHT_BROWSERS_PATH: /home/node/.cache/ms-playwright
    NOTEBOOKLM_STORAGE: /home/node/.notebooklm/storage_state.json
    # gogcli keyring password (for Google Workspace CLI)
    GOG_KEYRING_PASSWORD: ${GOG_KEYRING_PASSWORD:-}
    NODE_COMPILE_CACHE: /var/tmp/openclaw-compile-cache  # compile cache in named volume (survives container recreation)
    OPENCLAW_NO_RESPAWN: "1"  # disable gateway auto-respawn (DevKit manages lifecycle)
  # Requires Docker Engine 20.10+ for host-gateway special value.
  # On older Docker versions (pre-20.10), replace host-gateway with:
  #   Linux:   "$(ip route show default | awk '/default/ {print $3}')"
  #   macOS/Windows (Docker Desktop): no extra_hosts needed (auto-managed).
  extra_hosts:
    - "host.docker.internal:host-gateway"
  logging: &common-logging
    driver: json-file
    options:
      max-size: "10m"
      max-file: "3"
  deploy: &common-deploy
    resources:
      limits:
        memory: 4G
        cpus: '4.0'
      reservations:
        memory: 1G
        cpus: '0.5'
  restart: unless-stopped

# ------------------------------------------------------------------------------
# Named Volumes
# ------------------------------------------------------------------------------
volumes:
  # Claude Code 专用命名卷: 持久化 .claude/ (session, memory, skills state)
  # 重建后自动保留，无须 seed 拷贝
  openclaw-claude-home:
    name: openclaw-claude-home

  # 工具链 + Go 生态 + 浏览器缓存命名卷
  openclaw-devkit-home:
    name: openclaw-devkit-home

services:
  # ============================================================================
  # OpenClaw Gateway
  # ============================================================================

  openclaw-gateway:
    <<: *openclaw-common
    container_name: openclaw-gateway
    ports:
      - "127.0.0.1:${OPENCLAW_GATEWAY_PORT:-18789}:18789"
      - "127.0.0.1:${OPENCLAW_BRIDGE_PORT:-18790}:18790"
      - "127.0.0.1:${OPENCLAW_BROWSER_PORT:-18791}:18791"
    env_file:
      - .env
    environment:
      <<: *common-env
      OPENCLAW_HOME: /home/node
      # Node.js package managers (npm/pnpm/bun)
      npm_config_prefix: /home/node/.global
      pnpm_config_global_dir: /home/node/.global/pnpm
      pnpm_config_global_bin_dir: /home/node/.global/bin
      BUN_INSTALL_PREFIX: /home/node/.global
      # Python package manager (uv) - force user-level installation
      UV_SYSTEM_PYTHON: "0"
      UV_NO_PROGRESS: "1"
    init: true
    stop_grace_period: 30s
    volumes:
      # ─────────────────────────────────────────────────────────────────
      # Layer 1: 工具链命名卷 (persistent data, preserves image /home/node/.global)
      # Mount specific subdirectories to avoid overwriting pre-installed tools
      # ─────────────────────────────────────────────────────────────────
      - openclaw-devkit-home:/home/node/.local:rw
      - openclaw-devkit-home:/home/node/.cache:rw
      - openclaw-devkit-home:/home/node/go:rw
      - openclaw-devkit-home:/home/node/.agents:rw

      # ─────────────────────────────────────────────────────────────────
      # Layer 2: Claude Code 命名卷 (session/memory persist across rebuilds)
      # ─────────────────────────────────────────────────────────────────
      - openclaw-claude-home:/home/node/.claude:rw

      # ─────────────────────────────────────────────────────────────────
      # Layer 3: 用户配置共享 (host → container, bind mounts)
      #    More specific paths override Layer 1 named volume.
      # ─────────────────────────────────────────────────────────────────
      # OpenClaw 配置目录 (默认 ~/.openclaw，存量用户直接挂载，无迁移)
      - ${HOST_OPENCLAW_DIR:-${HOME}/.openclaw}:/home/node/.openclaw:rw
      # NotebookLM CLI 状态
      - ${HOME:-${USERPROFILE:-/tmp}}/.notebooklm:/home/node/.notebooklm:rw
      # Claude Code 只读配置 (覆盖 Layer 2 命名卷中的同名路径)
      - ${HOME:-${USERPROFILE:-/tmp}}/.claude/settings.json:/home/node/.claude/settings.json:ro
      - ${HOME:-${USERPROFILE:-/tmp}}/.claude/skills:/home/node/.claude/skills:ro
      - ${HOME:-${USERPROFILE:-/tmp}}/.claude/statusline.sh:/home/node/.claude/statusline.sh.seed:ro
      # Plugin marketplaces - 宿主机作为只读 seed 源，容器维护独立副本
      # (entrypoint 自动同步并转换路径)
      - ${HOME:-${USERPROFILE:-/tmp}}/.claude/plugins/known_marketplaces.json:/home/node/.claude/plugins/.host-marketplaces-seed.json:ro
      - ${HOME:-${USERPROFILE:-/tmp}}/.claude/plugins/marketplaces:/home/node/.claude/plugins/marketplaces-host:ro
      # .agents/skills 只读共享
      - ${HOME:-${USERPROFILE:-/tmp}}/.agents/skills:/home/node/.agents/skills:ro
      # ClawHub CLI 凭据 (跨平台: macOS/Linux/Windows)
      - ${HOST_CLAWHUB_DIR:-${HOME}/.config/clawhub}:/home/node/.config/clawhub:rw

      # ─────────────────────────────────────────────────────────────────
      # Layer 4: 脚本 (只读)
      # ─────────────────────────────────────────────────────────────────
      - ./docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh:ro
    # Run as root so the entrypoint can fix volume permissions before switching to node.
    # The entrypoint uses `exec runuser -u node` to switch to node after setup.
    user: root
    healthcheck:
      test: [ "CMD", "node", "-e", "require('http').get('http://127.0.0.1:18789/healthz', (res) => process.exit(res.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))" ]
      interval: 10s
      timeout: 10s
      retries: 3
      start_period: 30s
    labels:
      - "openclaw.service=gateway"
      - "openclaw.environment=dev"