From 55b7676a00d4373920b0737554ef60d27d9ca5c9 Mon Sep 17 00:00:00 2001
From: Ajit Koti <ajitkoti@zer07labs.com>
Date: Wed, 1 Apr 2026 12:42:42 -0700
Subject: [PATCH 1/2] Create Github Action to create Docker Image

---
 .dockerignore                | 15 ++++++++++
 .github/workflows/docker.yml | 56 ++++++++++++++++++++++++++++++++++++
 Dockerfile                   | 40 ++++++++++++++++++++++++++
 railpack.json                |  6 ----
 4 files changed, 111 insertions(+), 6 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 .github/workflows/docker.yml
 create mode 100644 Dockerfile
 delete mode 100644 railpack.json

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..717394b
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,15 @@
+target/
+.git/
+.github/
+.claude/
+.vscode/
+.idea/
+plans/
+tmp/
+temp/
+.macp-data/
+.DS_Store
+*.swp
+*.swo
+*~
+CLAUDE.md
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..e0e5e99
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,56 @@
+name: Build & Push Docker Image
+
+on:
+  push:
+    branches: [main]
+    tags: ["v*"]
+  pull_request:
+    branches: [main]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  docker:
+    name: Build Docker Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,prefix=
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5b56ca8
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,40 @@
+# Stage 1: Build
+FROM rust:1.86-bookworm AS builder
+
+RUN apt-get update && apt-get install -y protobuf-compiler && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Cache dependencies: copy manifests first, build a dummy, then copy real source
+COPY Cargo.toml Cargo.lock build.rs ./
+COPY proto/ proto/
+RUN mkdir -p src && echo "fn main() {}" > src/main.rs && \
+    mkdir -p src/bin && \
+    cargo build --release 2>/dev/null || true && \
+    rm -rf src
+
+# Copy full source and build for real
+COPY src/ src/
+COPY tests/ tests/
+RUN cargo build --release
+
+# Stage 2: Minimal runtime image
+FROM debian:bookworm-slim
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN useradd --create-home --shell /bin/bash macp
+USER macp
+WORKDIR /home/macp
+
+COPY --from=builder /app/target/release/macp-runtime /usr/local/bin/macp-runtime
+
+ENV MACP_BIND_ADDR=0.0.0.0:50051
+ENV MACP_ALLOW_INSECURE=1
+ENV MACP_DATA_DIR=/home/macp/.macp-data
+
+EXPOSE 50051
+
+ENTRYPOINT ["macp-runtime"]
diff --git a/railpack.json b/railpack.json
deleted file mode 100644
index fe8ca90..0000000
--- a/railpack.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "$schema": "https://schema.railpack.com",
-  "deploy": {
-    "startCommand": "./bin/macp-runtime"
-  }
-}

From 6f98dd4f2d6b018f75cbb2f61f8e998169e46aac Mon Sep 17 00:00:00 2001
From: Ajit Koti <ajitkoti@zer07labs.com>
Date: Wed, 1 Apr 2026 13:02:19 -0700
Subject: [PATCH 2/2] Update Rust and Fix Build Issues

---
 .github/workflows/ci.yml | 35 +++++++++++++++++++++--------------
 Dockerfile               |  2 +-
 rust-toolchain.toml      |  2 +-
 3 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d326cf3..61fc101 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,6 +7,7 @@ on:
 
 env:
   CARGO_TERM_COLOR: always
+  RUST_TOOLCHAIN: "1.89.0"
 
 jobs:
   check:
@@ -18,7 +19,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ env.RUST_TOOLCHAIN }}
 
       - name: Cache cargo registry and build
         uses: actions/cache@v4
@@ -47,8 +50,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@master
         with:
+          toolchain: ${{ env.RUST_TOOLCHAIN }}
           components: rustfmt
 
       - name: Check formatting
@@ -63,8 +67,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@master
         with:
+          toolchain: ${{ env.RUST_TOOLCHAIN }}
           components: clippy
 
       - name: Cache cargo registry and build
@@ -94,7 +99,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ env.RUST_TOOLCHAIN }}
 
       - name: Cache cargo registry and build
         uses: actions/cache@v4
@@ -125,7 +132,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ env.RUST_TOOLCHAIN }}
 
       - name: Cache cargo registry and build
         uses: actions/cache@v4
@@ -216,14 +225,10 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-
-      - name: Install cargo-audit
-        run: cargo install cargo-audit
-
       - name: Run cargo audit
-        run: cargo audit
+        uses: rustsec/audit-check@v2.0.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
 
   coverage:
     name: Coverage
@@ -234,7 +239,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ env.RUST_TOOLCHAIN }}
 
       - name: Cache cargo registry and build
         uses: actions/cache@v4
@@ -252,7 +259,7 @@ jobs:
           sudo apt-get install -y protobuf-compiler
 
       - name: Install cargo-tarpaulin
-        run: cargo install cargo-tarpaulin
+        run: cargo install cargo-tarpaulin --locked
 
       - name: Generate coverage
         run: cargo tarpaulin --all-targets --out xml
diff --git a/Dockerfile b/Dockerfile
index 5b56ca8..4ca1857 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Stage 1: Build
-FROM rust:1.86-bookworm AS builder
+FROM rust:1.89-bookworm AS builder
 
 RUN apt-get update && apt-get install -y protobuf-compiler && rm -rf /var/lib/apt/lists/*
 
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
index cf6d0f5..b67e7d5 100644
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,2 +1,2 @@
 [toolchain]
-channel = "1.86.0"
+channel = "1.89.0"