agentd 0.1.2

Agent daemon for secure capability execution with pluggable isolation backends
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

# Docker Compose for agentd with Envoy + OPA API Gateway
#
# Services:
# - envoy-gateway: API gateway for agentd APIs (auth, rate limiting)
# - envoy-egress: Egress proxy for external API access (credential injection)
# - opa: Policy decision point for unified policy management
# - agentd: Secure capability execution engine
#
# Usage:
#   docker compose up -d
#   docker compose logs -f
#
# Ports:
# - 8080: API Gateway (Envoy) - agentd API access
# - 8443: Egress Proxy (Envoy) - external API access
# - 9901: Gateway Envoy Admin
# - 9902: Egress Envoy Admin
# - 8181: OPA Policy API
# - 9191: OPA ext_authz gRPC (internal)
# - 9500: agentd gRPC (internal)
# - 8090: agentd HTTP (internal)

services:
  # API Gateway - handles authentication and routing to agentd
  envoy-gateway:
    image: envoyproxy/envoy:v1.28-latest
    container_name: agentd-gateway
    ports:
      - "8080:8080"    # API Gateway
      - "9901:9901"    # Envoy Admin
    volumes:
      - ../envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro
      # Uncomment for TLS
      # - ./certs:/etc/envoy/certs:ro
    command: ["-c", "/etc/envoy/envoy.yaml", "--log-level", "info"]
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
        tag: "{{.Name}}"
    depends_on:
      - opa
      - agentd
    networks:
      - agentd-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9901/ready"]
      interval: 10s
      timeout: 5s
      retries: 3

  # Egress Proxy - handles external API access with credential injection
  envoy-egress:
    image: envoyproxy/envoy:v1.28-latest
    container_name: agentd-egress
    ports:
      - "8443:8443"    # Egress Proxy
      - "9902:9902"    # Envoy Admin
    volumes:
      - ../envoy/envoy-egress.yaml:/etc/envoy/envoy.yaml:ro
    command: ["-c", "/etc/envoy/envoy.yaml", "--log-level", "info"]
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
        tag: "{{.Name}}"
    depends_on:
      - opa
    networks:
      - agentd-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9902/ready"]
      interval: 10s
      timeout: 5s
      retries: 3

  opa:
    image: openpolicyagent/opa:latest-envoy
    container_name: agentd-opa
    ports:
      - "8181:8181"    # OPA REST API (policy management)
    volumes:
      - ../opa/opa.yaml:/etc/opa/config.yaml:ro
      - ../../build/bundles:/bundles:ro
    command:
      - "run"
      - "--server"
      - "--config-file=/etc/opa/config.yaml"
      - "--addr=0.0.0.0:8181"
      - "--diagnostic-addr=0.0.0.0:8282"
      - "--bundle"
      - "/bundles/agentd-bundle.tar.gz"
    networks:
      - agentd-network
    healthcheck:
      test: ["CMD", "/opa", "eval", "true"]
      interval: 10s
      timeout: 5s
      retries: 3

  agentd:
    build:
      context: ../..
      dockerfile: Dockerfile
    container_name: agentd
    # For full isolation features, agentd needs elevated privileges
    # In production, use more restrictive settings
    privileged: true
    security_opt:
      - apparmor:unconfined
      - seccomp:unconfined
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
        DIGEST=$$(sha256sum /etc/agentd/bundles/agentd-bundle.tar.gz | cut -d' ' -f1)
        exec /usr/local/bin/agentd run --demo --capability-digest "$$DIGEST"
    volumes:
      - agentd-work:/var/lib/agentd/work
      - agentd-data:/var/lib/agentd/data
      # Mount policy bundles
      - ../../build/bundles:/etc/agentd/bundles:ro
      # Mount capability derivations
      - ../../build/capability:/var/lib/agentd/build/capability:ro
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
        tag: "{{.Name}}"
    environment:
      - AGENTD_LOG_LEVEL=info
      - SMITH_EXECUTOR_ALLOW_INSECURE_FALLBACK=1
      - AGENTD_WORK_ROOT=/var/lib/agentd/work
      - AGENTD_POLICY_BUNDLE=/etc/agentd/bundles/agentd-bundle.tar.gz
      - AGENTD_GRPC_LISTEN=0.0.0.0:9500
      - AGENTD_HTTP_LISTEN=0.0.0.0:8090
      # OPA sidecar for policy evaluation
      - AGENTD_OPA_URL=http://opa:8181
      # Egress proxy for external API calls
      - AGENTD_EGRESS_PROXY=http://envoy-egress:8443
    networks:
      - agentd-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8090/health"]
      interval: 10s
      timeout: 5s
      retries: 3
    depends_on:
      - envoy-egress

networks:
  agentd-network:
    driver: bridge

volumes:
  agentd-work:
  agentd-data: