naimkatiman
diff --git a/‎.env.example‎
Lines changed: 20 additions & 2 deletions b/‎.env.example‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎Dockerfile‎
Lines changed: 39 additions & 0 deletions b/‎Dockerfile‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎docker-compose.yml‎
Lines changed: 24 additions & 0 deletions b/‎docker-compose.yml‎
Lines changed: 24 additions & 0 deletions
@@ -1,6 +1,7 @@
 # OpenClaw Runtime Configuration
 # Copy this file to .env and adjust values as needed.
-# All variables are optional — defaults shown below.
+
+# ── Database ──────────────────────────────────────────────────────────────────
 
 # Directory where runtime data (SQLite DB) is stored.
 # Default: ./runtime
@@ -10,10 +11,27 @@ OPENCLAW_RUNTIME_DIR=./runtime
 # Default: ./runtime/openclaw.db
 OPENCLAW_DB_PATH=./runtime/openclaw.db
 
+# ── Server ────────────────────────────────────────────────────────────────────
+
 # Server host binding.
-# Default: 127.0.0.1 (localhost only)
+# Default: 127.0.0.1 (localhost only). Use 0.0.0.0 to expose on the network.
 OPENCLAW_HOST=127.0.0.1
 
 # Server port.
 # Default: 8787
 OPENCLAW_PORT=8787
+
+# ── Security ──────────────────────────────────────────────────────────────────
+
+# API key required on every request as the `x-api-key` header.
+# Leave unset (or empty) to disable auth — for local dev only.
+# PRODUCTION: always set a strong random key.
+# Example: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+OPENCLAW_API_KEY=
+
+# ── CORS ─────────────────────────────────────────────────────────────────────
+
+# Allowed CORS origin for browser clients.
+# Use * to allow all origins (dev), or specify your frontend domain for production.
+# Example: https://my-app.example.com
+OPENCLAW_CORS_ORIGIN=*
@@ -0,0 +1,39 @@
+# ── Stage 1: Build ────────────────────────────────────────────────────────────
+FROM node:22-alpine AS builder
+
+WORKDIR /app
+
+# Install build dependencies for native modules (better-sqlite3)
+RUN apk add --no-cache python3 make g++
+
+COPY package*.json tsconfig.json ./
+RUN npm ci
+
+COPY src ./src
+RUN npm run build
+
+# ── Stage 2: Runtime ─────────────────────────────────────────────────────────
+FROM node:22-alpine AS runtime
+
+WORKDIR /app
+
+ENV NODE_ENV=production
+
+# Install native runtime libs
+RUN apk add --no-cache python3 make g++
+
+# Copy only what's needed
+COPY package*.json ./
+RUN npm ci --omit=dev
+
+COPY --from=builder /app/dist ./dist
+
+# Runtime data directory (mount a volume here for persistence)
+RUN mkdir -p /app/runtime
+
+EXPOSE 8787
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+  CMD wget -qO- http://localhost:8787/health || exit 1
+
+CMD ["node", "dist/src/server.js"]
@@ -0,0 +1,24 @@
+services:
+  memorycore:
+    build: .
+    container_name: memorycore
+    restart: unless-stopped
+    ports:
+      - "${OPENCLAW_PORT:-8787}:8787"
+    environment:
+      - NODE_ENV=production
+      - OPENCLAW_HOST=0.0.0.0
+      - OPENCLAW_PORT=8787
+      - OPENCLAW_RUNTIME_DIR=/app/runtime
+      - OPENCLAW_DB_PATH=/app/runtime/openclaw.db
+      - OPENCLAW_API_KEY=${OPENCLAW_API_KEY}
+      - OPENCLAW_CORS_ORIGIN=${OPENCLAW_CORS_ORIGIN:-*}
+    volumes:
+      # Persist the SQLite DB across container restarts
+      - ./runtime:/app/runtime
+    healthcheck:
+      test: [ "CMD", "wget", "-qO-", "http://localhost:8787/health" ]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s