97 changes: 75 additions & 22 deletions hosting/docker-compose/ee/docker-compose.dev.yml
Expand Up @@ -31,6 +31,15 @@ services:
# === EXECUTION ============================================ #
command: ["true"]

.sandbox-agent:
# === IMAGE ================================================ #
image: agenta-ee-dev-sandbox-agent:latest
build:
context: ../../../services/agent
dockerfile: docker/Dockerfile.dev
# === EXECUTION ============================================ #
command: ["true"]

web:
# === ACTIVATION =========================================== #
profiles:
Expand All @@ -46,9 +55,6 @@ services:
- ../../../web/oss/src:/app/oss/src
- ../../../web/oss/public:/app/oss/public
- ../../../web/packages:/app/packages
- nextjs-ee-cache:/app/ee/.next/cache
- nextjs-oss-cache:/app/oss/.next/cache
- turbo-ee-cache:/app/.turbo
# === CONFIGURATION ======================================== #
env_file:
- ${ENV_FILE:-./.env.ee.dev}
Expand Down Expand Up @@ -82,12 +88,8 @@ services:
"--reload-dir",
"/app/ee/src",
"--reload-dir",
"/app/ee/databases",
"--reload-dir",
"/app/oss/src",
"--reload-dir",
"/app/oss/databases",
"--reload-dir",
"/app/entrypoints",
"--reload-dir",
"/sdks/python/agenta",
Expand Down Expand Up @@ -150,9 +152,7 @@ services:
image: agenta-ee-dev-api:latest
# === EXECUTION ============================================ #
command: >
watchmedo auto-restart --directory=/app/ee/src --directory=/app/ee/databases --directory=/app/oss/src
--directory=/app/oss/databases --directory=/app/entrypoints --directory=/sdks/python/agenta
--directory=/clients/python/agenta_client --pattern=*.py --recursive --ignore-patterns=*/tests/* --
watchmedo auto-restart --directory=/app/ --pattern=*.py --recursive --ignore-patterns=*/tests/* --

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Inspect worker watch directories and mounted source directories.
# Expected: worker watchmedo commands include the mounted SDK/client paths or those mounts are intentionally not hot-reloaded.

sed -n '141,264p' hosting/docker-compose/ee/docker-compose.dev.yml

Repository: Agenta-AI/agenta

Length of output: 5516


🏁 Script executed:

# Check structure of SDK and client directories
find ../../../sdks/python -maxdepth 2 -type d 2>/dev/null | head -20
echo "---"
find ../../../clients/python -maxdepth 2 -type d 2>/dev/null | head -20

Repository: Agenta-AI/agenta

Length of output: 64


🏁 Script executed:

# Search for API service hot-reload configuration to understand expected pattern
rg -A 10 "watchmedo.*directory=" hosting/docker-compose/ee/ --no-heading

Repository: Agenta-AI/agenta

Length of output: 4521


🏁 Script executed:

# Check if there are any existing references to watching SDK/client paths
rg "sdks/python|clients/python" hosting/docker-compose/ -B 2 -A 2

Repository: Agenta-AI/agenta

Length of output: 13615


Add SDK and client paths to worker watchmedo scopes.

The four worker services watch only /app/, but they mount SDK and client code at /sdks/python and /clients/python. This means edits to those dependencies will not trigger restarts, unlike the API service in the same file which includes them. Align worker watchers with the OSS version and API service by adding both directories:

♻️ Proposed watcher scope fix
-            watchmedo auto-restart --directory=/app/ --pattern=*.py --recursive --ignore-patterns=*/tests/* --
+            watchmedo auto-restart --directory=/app/ --directory=/sdks/python/agenta --directory=/clients/python/agenta_client --pattern=*.py --recursive --ignore-patterns=*/tests/* --

Apply to lines 146, 183, 220, and 263 (worker-evaluations, worker-tracing, worker-webhooks, worker-events).


python -m entrypoints.worker_evaluations
# === STORAGE ============================================== #
volumes:
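Review bot: `--directory=/app/` combined with `--recursive` makes each of the four workers register inotify watches on every directory under `/app`, not only the source trees that were listed before. `--pattern=*.py` filters events after they arrive and does not reduce the number of watches. The `sandbox-agent` comment further down in this diff says the box's inotify limit is shared across stacks, so widening the scope here works against that constraint. Keeping an explicit list of source directories would bound the watch count.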
Expand Down Expand Up @@ -189,9 +189,7 @@ services:
image: agenta-ee-dev-api:latest
# === EXECUTION ============================================ #
command: >
watchmedo auto-restart --directory=/app/ee/src --directory=/app/ee/databases --directory=/app/oss/src
--directory=/app/oss/databases --directory=/app/entrypoints --directory=/sdks/python/agenta
--directory=/clients/python/agenta_client --pattern=*.py --recursive --ignore-patterns=*/tests/* --
watchmedo auto-restart --directory=/app/ --pattern=*.py --recursive --ignore-patterns=*/tests/* --
python -m entrypoints.worker_tracing
# === STORAGE ============================================== #
volumes:
Expand Down Expand Up @@ -228,9 +226,7 @@ services:
image: agenta-ee-dev-api:latest
# === EXECUTION ============================================ #
command: >
watchmedo auto-restart --directory=/app/ee/src --directory=/app/ee/databases --directory=/app/oss/src
--directory=/app/oss/databases --directory=/app/entrypoints --directory=/sdks/python/agenta
--directory=/clients/python/agenta_client --pattern=*.py --recursive --ignore-patterns=*/tests/* --
watchmedo auto-restart --directory=/app/ --pattern=*.py --recursive --ignore-patterns=*/tests/* --
python -m entrypoints.worker_webhooks
# === STORAGE ============================================== #
volumes:
Expand Down Expand Up @@ -273,9 +269,7 @@ services:
image: agenta-ee-dev-api:latest
# === EXECUTION ============================================ #
command: >
watchmedo auto-restart --directory=/app/ee/src --directory=/app/ee/databases --directory=/app/oss/src
--directory=/app/oss/databases --directory=/app/entrypoints --directory=/sdks/python/agenta
--directory=/clients/python/agenta_client --pattern=*.py --recursive --ignore-patterns=*/tests/* --
watchmedo auto-restart --directory=/app/ --pattern=*.py --recursive --ignore-patterns=*/tests/* --
python -m entrypoints.worker_events
# === STORAGE ============================================== #
volumes:
Expand Down Expand Up @@ -409,11 +403,17 @@ services:
- ${ENV_FILE:-./.env.ee.dev}
environment:
DOCKER_NETWORK_MODE: ${DOCKER_NETWORK_MODE:-bridge}
AGENTA_AGENT_RUNNER_URL: http://sandbox-agent:8765
AGENTA_AGENT_ENABLE_MCP: ${AGENTA_AGENT_ENABLE_MCP:-false}
# === NETWORK ============================================== #
networks:
- agenta-network
extra_hosts:
- "host.docker.internal:host-gateway"
# === ORCHESTRATION ======================================== #
depends_on:
sandbox-agent:
condition: service_healthy
# === LABELS =============================================== #
labels:
- "traefik.http.routers.services.rule=PathPrefix(`/services/`)"
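Review bot: `depends_on: sandbox-agent: condition: service_healthy` ties startup of this service to the sidecar's extension build, because `sandbox-agent` runs `node scripts/build-extension.mjs` before the server and is written to fail loud when the build breaks. A bad edit to the bind-mounted `src/extensions/agenta.ts` then keeps this container from starting at all. If that coupling is intended, say so in a comment next to `depends_on`; otherwise `condition: service_started` avoids the hard dependency while `AGENTA_AGENT_RUNNER_URL` still points at the sidecar.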
Expand All @@ -426,6 +426,61 @@ services:
# === LIFECYCLE ============================================ #
restart: always

sandbox-agent:
# === IMAGE ================================================ #
image: agenta-ee-dev-sandbox-agent:latest
# === EXECUTION ============================================ #
# No file watcher (the box's inotify limit is shared across stacks). Copy the
# read-only mounted Pi login into a writable path so OAuth refresh stays
# in-container. This command replaces the image CMD, so the Pi extension rebuild
# has to live here too: dist/ is not bind-mounted and src/extensions/agenta.ts is,
# so without this a restart keeps a stale bundle and custom tools silently stop
# being delivered on the sandbox-agent path. Rebuild from the mounted
# src on start; fail loud if it cannot build rather than run a stale bundle.
command: >
sh -c "mkdir -p /pi-agent && cp -a /pi-agent-ro/. /pi-agent/ 2>/dev/null || true;
node scripts/build-extension.mjs &&
exec node_modules/.bin/tsx src/server.ts"
# === CONFIGURATION ======================================== #
# Deliberately no env_file: the harness sandbox must not inherit the stack's
# secrets (COMPOSIO_API_KEY, STRIPE/POSTHOG/GOOGLE keys, ...). Tools run
# server-side via /tools/call, so the sandbox only needs its own port, the Pi
# login (mounted below), the OTLP export fallback, and the Daytona credentials
# the runner reads for the `daytona` sandbox provider.
environment:
PORT: "8765"
PI_CODING_AGENT_DIR: /pi-agent
# Tracing export fallback (used when a request carries no usable OTLP
# credential). Must be reachable from this container.
AGENTA_HOST: ${AGENTA_HOST:-http://144.76.237.122:8280}
AGENTA_API_KEY: ${AGENTA_API_KEY:-}
Comment on lines +453 to +456

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not default telemetry to a public HTTP IP.

Line 446 sends the sidecar’s fallback tracing export to http://144.76.237.122:8280 whenever AGENTA_HOST is unset. For a dev stack, that can leak local trace data/metadata to an external endpoint by default.

🛡️ Proposed safer default
-            AGENTA_HOST: ${AGENTA_HOST:-http://144.76.237.122:8280}
+            # Set AGENTA_HOST explicitly when exporting traces outside the local stack.
+            AGENTA_HOST: ${AGENTA_HOST:-}

If tracing must work out of the box, default this to an in-stack service URL instead of a public IP.

SANDBOX_AGENT_PROVIDER: ${SANDBOX_AGENT_PROVIDER:-local}
SANDBOX_AGENT_DAYTONA_API_KEY: ${SANDBOX_AGENT_DAYTONA_API_KEY:-}
SANDBOX_AGENT_DAYTONA_API_URL: ${SANDBOX_AGENT_DAYTONA_API_URL:-}
SANDBOX_AGENT_DAYTONA_TARGET: ${SANDBOX_AGENT_DAYTONA_TARGET:-}
SANDBOX_AGENT_DAYTONA_SNAPSHOT: ${SANDBOX_AGENT_DAYTONA_SNAPSHOT:-agenta-sandbox-pi}
SANDBOX_AGENT_DAYTONA_IMAGE: ${SANDBOX_AGENT_DAYTONA_IMAGE:-}
SANDBOX_AGENT_DAYTONA_INSTALL_PI: ${SANDBOX_AGENT_DAYTONA_INSTALL_PI:-false}
# === STORAGE ============================================== #
volumes:
- ../../../services/agent/src:/app/src
# The Agenta harness's forced skills are real files the runner lays into the
# sandbox per run (resolved from /app/skills). Bind-mounted like src so edits are
# live; the prod image bakes them with `COPY skills ./skills`.
- ../../../services/agent/skills:/app/skills
- ${HOME}/.pi/agent:/pi-agent-ro:ro
# === NETWORK ============================================== #
networks:
- agenta-network
# === LIFECYCLE ============================================ #
restart: always
healthcheck:
test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:8765/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
interval: 10s
timeout: 5s
retries: 12
start_period: 20s

postgres:
# === IMAGE ================================================ #
image: postgres:17
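Review bot: `networks: - agenta-network` in `sandbox-agent` puts the harness sandbox on the same network as `services` and everything else attached to it, which undercuts the isolation the CONFIGURATION comment argues for by omitting `env_file`. The container still receives `AGENTA_API_KEY`, `SANDBOX_AGENT_DAYTONA_API_KEY` and a writable copy of the host's `${HOME}/.pi/agent` login, so the comment should list what the sandbox does hold instead of only what it does not. Suggest a dedicated network shared only by `services` and `sandbox-agent`. Separately, `cp -a /pi-agent-ro/. /pi-agent/ 2>/dev/null || true` hides a missing or unreadable Pi login, while the build step right after it is meant to fail loud; at least log the copy failure.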
Expand Down Expand Up @@ -593,6 +648,4 @@ volumes:
postgres-data:
redis-volatile-data:
redis-durable-data:
nextjs-ee-cache:
nextjs-oss-cache:
turbo-ee-cache:
nextjs_cache:
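Review bot: `nextjs_cache:` at the end of the `volumes:` block looks orphaned. Going by the hunk counts, this diff drops the `nextjs-ee-cache`, `nextjs-oss-cache` and `turbo-ee-cache` declarations along with their mounts in `web`, and none of the hunks shown mounts `nextjs_cache` anywhere. Either mount it in the service that needs it or leave the declaration out. The name also switches from the hyphenated style of the other volumes to an underscore.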