deriva-mcp/docker-compose.mcp.yaml at main · informatics-isi-edu/deriva-mcp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# Standalone MCP server with HTTP transport
#
# This docker-compose file runs the Deriva MCP server in HTTP mode,
# which provides persistent connections that survive client disconnects
# and support long-running operations like catalog cloning.
#
# Prerequisites:
#   - The deriva-localhost Docker network must exist (from deriva-localhost stack)
#   - Deriva credentials in ~/.deriva/
#
# Usage:
#   # Start the MCP server
#   docker-compose -f docker-compose.mcp.yaml up -d
#
#   # View logs
#   docker-compose -f docker-compose.mcp.yaml logs -f
#
#   # Stop the server
#   docker-compose -f docker-compose.mcp.yaml down
#
# Claude Code configuration (~/.mcp.json):
#   {
#     "mcpServers": {
#       "deriva-ml": {
#         "type": "http",
#         "url": "http://localhost:8000/mcp"
#       }
#     }
#   }

services:
  deriva-mcp:
    image: ghcr.io/informatics-isi-edu/deriva-mcp:latest
    container_name: deriva-mcp
    command:
      - deriva-mcp
      - --transport
      - streamable-http
      - --host
      - "0.0.0.0"
      - --port
      - "8000"
    networks:
      - deriva-localhost_internal_network
    ports:
      - "8000:8000"
    volumes:
      # Mount credentials read-only for security
      - ${HOME}/.deriva:${HOME}/.deriva:ro
      # BDBag keychain for dataset operations
      - ${HOME}/.bdbag:${HOME}/.bdbag
      # DerivaML working directory
      - ${HOME}/.deriva-ml:${HOME}/.deriva-ml
      # Persistent task storage (survives container restarts)
      - deriva-mcp-data:/app/data
    environment:
      - HOME=${HOME}
      # Task persistence configuration
      - DERIVA_MCP_TASK_STATE_PATH=/app/data/task_state.json
      - DERIVA_MCP_TASK_RETENTION_HOURS=168
      - DERIVA_MCP_TASK_SYNC_INTERVAL=5
      # SSE keepalive to prevent proxy timeouts
      - DERIVA_MCP_SSE_KEEPALIVE=30
      # Remap 'localhost' to the Deriva webserver via Docker DNS.
      # The entrypoint resolves this name to an IP and adds it to /etc/hosts as localhost.
      # This avoids hardcoding IPs that change when the network is recreated.
      - DERIVA_MCP_LOCALHOST_ALIAS=deriva-webserver
      # CA bundle for self-signed localhost certificates
      # pip-system-certs/truststore ignores REQUESTS_CA_BUNDLE but respects SSL_CERT_FILE
      - SSL_CERT_FILE=${HOME}/.deriva/allCAbundle-with-local.pem
    restart: unless-stopped
    healthcheck:
      # Health check uses dedicated /health endpoint that does NOT create MCP sessions.
      # Using /mcp would create orphan sessions every 30 seconds, causing resource exhaustion.
      test: ["CMD", "curl", "-sf", "--max-time", "2", "http://localhost:8000/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

volumes:
  # Named volume for persistent task state
  deriva-mcp-data:

networks:
  # Use the existing network from deriva-localhost stack
  # This allows the MCP server to communicate with the Deriva webserver
  deriva-localhost_internal_network:
    external: true