fibe-agent/Dockerfile at main · fibegg/fibe-agent · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
FROM node:24-slim AS cli

ARG BUILDKIT_INLINE_CACHE=1
ARG AGENT_PROVIDER=gemini

RUN apt-get update && apt-get install -y --no-install-recommends python3 make g++ && rm -rf /var/lib/apt/lists/*

RUN --mount=type=cache,target=/root/.npm \
    if [ "$AGENT_PROVIDER" = "gemini" ]; then \
    npm install -g @google/gemini-cli; \
    elif [ "$AGENT_PROVIDER" = "claude_code" ]; then \
    npm install -g @anthropic-ai/claude-code@2.1.50; \
    elif [ "$AGENT_PROVIDER" = "openai_codex" ]; then \
    npm install -g @openai/codex@0.104.0; \
    elif [ "$AGENT_PROVIDER" = "opencode" ]; then \
    npm install -g opencode-ai; \
    fi

RUN find /usr/local/lib/node_modules -type f -name "*.map" -delete 2>/dev/null || true

FROM oven/bun:1.3.11-slim AS builder

ARG BUILDKIT_INLINE_CACHE=1

WORKDIR /app

COPY package.json bun.lock package-lock.json* nx.json tsconfig.base.json ./
COPY apps/api/package.json apps/api/
COPY apps/chat/package.json apps/chat/

RUN --mount=type=cache,target=/root/.bun/install/cache \
    bun install

COPY apps/api apps/api
COPY apps/chat apps/chat

ENV NX_DAEMON=false
RUN bunx nx run-many --targets=build --projects=api,chat

FROM node:24-slim

ARG BUILDKIT_INLINE_CACHE=1
ARG GIT_SHA
ENV GIT_SHA=$GIT_SHA

# Unconditional packages — cached across all provider variants
RUN apt-get update && apt-get install -y --no-install-recommends \
    dumb-init bash curl procps git \
    jq less tree wget zip unzip openssh-client docker.io \
    # Tier 1 – essential agent tooling
    python3 python3-venv \
    ripgrep fd-find \
    make file patch \
    ca-certificates \
    # Tier 2 – extended agent tooling
    sqlite3 pandoc htop strace \
    imagemagick ffmpeg ghostscript \
    # Tier 3 – native compilation support
    build-essential \
    && rm -rf /var/lib/apt/lists/* \
    && ln -sf /usr/bin/fdfind /usr/local/bin/fd

# uv – ultrafast Python package/project manager (single static binary)
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
# uvx wrapper – some uv versions don't handle argv[0]=="uvx" correctly,
# so we use a shell script that delegates to `uv tool run` instead of a symlink.
RUN printf '#!/bin/sh\nexec /usr/local/bin/uv tool run "$@"\n' > /usr/local/bin/uvx \
    && chmod +x /usr/local/bin/uvx

# Deno – secure JS/TS runtime for quick scripting
ENV DENO_INSTALL=/usr/local
RUN curl -fsSL https://deno.land/install.sh | sh

# Conditional packages — only busts cache for claude_code builds
ARG AGENT_PROVIDER=gemini
RUN if [ "$AGENT_PROVIDER" = "claude_code" ]; then \
    apt-get update && apt-get install -y --no-install-recommends \
    dbus gnome-keyring libsecret-1-0 \
    && rm -rf /var/lib/apt/lists/*; \
    fi

COPY --from=cli /usr/local/lib/node_modules /usr/local/lib/node_modules
COPY --from=cli /usr/local/bin /usr/local/bin

WORKDIR /app

COPY --from=builder /app/apps/api/dist ./dist/
COPY --from=builder /app/apps/chat/dist ./chat/
COPY apps/api/package.json ./package.json
RUN --mount=type=cache,target=/root/.npm \
    npm install --omit=dev --ignore-scripts && \
    npm install -g mcp-remote

# @playwright/mcp – globally install so the agent can use it without npx download.
# Pin version to keep browser↔library alignment deterministic.
RUN --mount=type=cache,target=/root/.npm \
    npm install -g @playwright/mcp@0.0.68

# System libraries required by Chromium (must run as root).
RUN npx -y playwright install-deps chromium

EXPOSE 3000

RUN mkdir -p /app/data /app/playground /home/node/.cache \
    && touch /app/data/STEERING.md \
    && if [ "$AGENT_PROVIDER" = "gemini" ]; then \
    mkdir -p /home/node/.gemini && chown -R node:node /home/node/.gemini; \
    elif [ "$AGENT_PROVIDER" = "openai_codex" ]; then \
    mkdir -p /home/node/.codex && chown -R node:node /home/node/.codex; \
    elif [ "$AGENT_PROVIDER" = "claude_code" ]; then \
    mkdir -p /home/node/.claude && chown -R node:node /home/node/.claude; \
    elif [ "$AGENT_PROVIDER" = "opencode" ]; then \
    mkdir -p /home/node/.local/share/opencode && chown -R node:node /home/node/.local; \
    fi \
    && chown -R node:node /app/data /app/playground /home/node/.cache

USER node

# Download Chromium browser binary as node so it lands in /home/node/.cache
# and is accessible at runtime (container runs as USER node).
RUN npx -y playwright install chromium

ENTRYPOINT ["/usr/bin/dumb-init", "--"]

CMD ["node", "dist/main.js"]