744c149300
Some checks failed
Build and Deploy Docs / build-and-deploy (push) Has been cancelled
- Created logs/ structure (sessions, operations, incidents) - Added session-start/log/end scripts - Installed Git hooks for auto-logging commits/pushes - Added shell integration for zsh - Created CHANGELOG.md - Documented today's session (2026-01-10)
57 lines
1.3 KiB
YAML
57 lines
1.3 KiB
YAML
version: '3.9'
|
|
|
|
services:
|
|
ai-security-agent:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
container_name: ai-security-agent
|
|
restart: unless-stopped
|
|
|
|
# CRITICAL: Need host PID namespace to see all processes
|
|
pid: host
|
|
|
|
# Need elevated privileges to kill processes
|
|
privileged: true
|
|
|
|
environment:
|
|
- OLLAMA_BASE_URL=http://172.17.0.1:11434
|
|
- OLLAMA_MODEL=qwen3:8b
|
|
- CHECK_INTERVAL=300 # 5 minutes
|
|
- ALERT_THRESHOLD=0.7 # 70% confidence for auto-mitigation
|
|
- TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN}
|
|
- TELEGRAM_CHAT_ID=${TELEGRAM_CHAT_ID}
|
|
|
|
volumes:
|
|
# Mount host /tmp to scan for malware
|
|
- /tmp:/tmp
|
|
# Mount host /proc for process information
|
|
- /proc:/host/proc:ro
|
|
# Persistent logs
|
|
- ./logs:/var/log
|
|
|
|
networks:
|
|
- dagi-network
|
|
|
|
# Resource limits (agent should be lightweight)
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '1.0'
|
|
memory: 512M
|
|
reservations:
|
|
cpus: '0.25'
|
|
memory: 128M
|
|
|
|
healthcheck:
|
|
test: ["CMD", "pgrep", "-f", "security_agent.py"]
|
|
interval: 60s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 30s
|
|
|
|
networks:
|
|
dagi-network:
|
|
external: true
|
|
name: dagi-network
|