docker-compose.e2e.yml

services:
  redis:
    image: redis:7.4-alpine
    command: ["redis-server", "--save", "", "--appendonly", "no"]
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 5s
      retries: 20
    deploy:
      resources:
        limits:
          cpus: "0.50"
          memory: 256M

  kafka:
    image: confluentinc/cp-kafka:7.7.0
    hostname: kafka
    ports:
      - "19092:19092"
    environment:
      CLUSTER_ID: "MkU3OEVBNTcwNTJENDM2Qk"
      KAFKA_NODE_ID: 1
      KAFKA_PROCESS_ROLES: broker,controller
      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092,CONTROLLER://0.0.0.0:29093,EXTERNAL://0.0.0.0:19092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092,EXTERNAL://localhost:19092
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT,EXTERNAL:PLAINTEXT
      KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:29093
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
      KAFKA_DEFAULT_REPLICATION_FACTOR: 1
      KAFKA_MIN_INSYNC_REPLICAS: 1
      KAFKA_NUM_PARTITIONS: 3
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
      KAFKA_CONFLUENT_LICENSE_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_LOG_DIRS: /var/lib/kafka/data
      KAFKA_HEAP_OPTS: "-Xms256m -Xmx512m"
    healthcheck:
      test: ["CMD-SHELL", "kafka-topics --bootstrap-server localhost:9092 --list >/dev/null 2>&1"]
      interval: 10s
      timeout: 10s
      retries: 12
      start_period: 15s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 1G

  postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: agentflow
      POSTGRES_USER: agentflow
      POSTGRES_PASSWORD: agentflow
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U agentflow -d agentflow"]
      interval: 5s
      timeout: 5s
      retries: 20
    deploy:
      resources:
        limits:
          cpus: "0.50"
          memory: 512M

  agentflow-api:
    build:
      context: .
      dockerfile: Dockerfile.api
    depends_on:
      redis:
        condition: service_healthy
      kafka:
        condition: service_healthy
      postgres:
        condition: service_healthy
    ports:
      - "8000:8000"
    environment:
      AGENTFLOW_SERVING_CONFIG: /app/config/serving.yaml
      AGENTFLOW_API_KEYS: ${AGENTFLOW_API_KEYS:-af-prod-agent-support-abc123:Support Agent,af-prod-agent-ops-def456:Ops Agent,af-prod-agent-rate-e2e000:Rate Limit Agent}
      AGENTFLOW_RATE_LIMIT_RPM: ${AGENTFLOW_RATE_LIMIT_RPM:-120}
      AGENTFLOW_USAGE_DB_PATH: /app/data/agentflow_api_usage.duckdb
      AGENTFLOW_WEBHOOKS_FILE: /app/data/e2e-webhooks.yaml
      # The e2e webhook callback is delivered to the host gateway, which the
      # SSRF egress guard rejects as a private address. Trust exactly that
      # configured callback host (default host.docker.internal) — the guard
      # stays fully active for every other target.
      AGENTFLOW_EGRESS_ALLOWED_HOSTS: ${AGENTFLOW_E2E_CALLBACK_HOST:-host.docker.internal}
      DUCKDB_PATH: /app/data/agentflow.duckdb
      REDIS_URL: redis://redis:6379/0
      KAFKA_BOOTSTRAP_SERVERS: kafka:9092
      OTEL_SDK_DISABLED: "true"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - agentflow-api-data:/app/data
      - ./config:/app/config:ro
      - ./contracts:/app/contracts:ro
    healthcheck:
      test:
        - CMD
        - python
        - -c
        - import urllib.request; urllib.request.urlopen("http://localhost:8000/v1/health", timeout=5)
      interval: 10s
      timeout: 10s
      retries: 12
      start_period: 15s
    deploy:
      resources:
        limits:
          cpus: "1.50"
          memory: 2G

volumes:
  agentflow-api-data: