dave/storkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity

storkit: create 365_story_surface_api_rate_limit_warnings_in_chat

Browse Source
This commit is contained in:
dave
2026-03-22 18:19:23 +00:00
parent f346712dd1
commit e4227cf673
175 changed files with 0 additions and 83945 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docker/.dockerignore
View File

@@ -1,11 +0,0 @@
# Docker build context exclusions
**/target/
**/node_modules/
frontend/dist/
.storkit/worktrees/
.storkit/logs/
.storkit/work/6_archived/
.git/
*.swp
*.swo
.DS_Store

132
docker/Dockerfile
View File

@@ -1,132 +0,0 @@
# Story Kit single-container runtime
# All components (server, agents, web UI) run inside this container.
# The target project repo is bind-mounted at /workspace.
#
# Build: docker build -t storkit -f docker/Dockerfile .
# Run: docker compose -f docker/docker-compose.yml up
#
# Tested with: OrbStack (recommended on macOS), Docker Desktop (slower bind mounts)
FROM rust:1.90-bookworm AS base
# Clippy is needed at runtime for acceptance gates (cargo clippy)
RUN rustup component add clippy
# ── System deps ──────────────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
curl \
ca-certificates \
build-essential \
pkg-config \
libssl-dev \
# cargo-nextest is a pre-built binary
&& rm -rf /var/lib/apt/lists/*
# ── Node.js 22.x (matches host) ─────────────────────────────────────
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
&& apt-get install -y --no-install-recommends nodejs \
&& rm -rf /var/lib/apt/lists/*
# ── cargo-nextest (test runner) ──────────────────────────────────────
RUN curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C /usr/local/bin
# ── Claude Code CLI ──────────────────────────────────────────────────
# Claude Code is distributed as an npm global package.
# The CLI binary is `claude`.
RUN npm install -g @anthropic-ai/claude-code
# ── Working directory ────────────────────────────────────────────────
# /app holds the storkit source (copied in at build time for the binary).
# /workspace is where the target project repo gets bind-mounted at runtime.
WORKDIR /app
# ── Build the storkit server binary ─────────────────────────────────
# Copy the full project tree so `cargo build` and `npm run build` (via
# build.rs) can produce the release binary with embedded frontend assets.
COPY . .
# Build frontend deps first (better layer caching)
RUN cd frontend && npm ci
# Build the release binary (build.rs runs npm run build for the frontend)
RUN cargo build --release \
&& cp target/release/storkit /usr/local/bin/storkit
# ── Runtime stage (smaller image) ───────────────────────────────────
FROM debian:bookworm-slim AS runtime
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
curl \
ca-certificates \
libssl3 \
# build-essential (gcc/cc) needed at runtime for:
# - rebuild_and_restart (cargo build --release)
# - agent-driven cargo commands (clippy, test, build)
build-essential \
pkg-config \
libssl-dev \
# procps provides ps, needed by tests and process management
procps \
&& rm -rf /var/lib/apt/lists/*
# Node.js in runtime
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
&& apt-get install -y --no-install-recommends nodejs \
&& rm -rf /var/lib/apt/lists/*
# Claude Code CLI in runtime
RUN npm install -g @anthropic-ai/claude-code
# Cargo and Rust toolchain needed at runtime for:
# - rebuild_and_restart (cargo build inside the container)
# - Agent-driven cargo commands (cargo clippy, cargo test, etc.)
COPY --from=base /usr/local/cargo /usr/local/cargo
COPY --from=base /usr/local/rustup /usr/local/rustup
ENV PATH="/usr/local/cargo/bin:${PATH}"
ENV RUSTUP_HOME="/usr/local/rustup"
ENV CARGO_HOME="/usr/local/cargo"
# cargo-nextest
COPY --from=base /usr/local/bin/cargo-nextest /usr/local/bin/cargo-nextest
# The storkit binary
COPY --from=base /usr/local/bin/storkit /usr/local/bin/storkit
# Copy the full source tree so rebuild_and_restart can do `cargo build`
# from the workspace root (CARGO_MANIFEST_DIR is baked into the binary).
# Alternative: mount the source as a volume.
COPY --from=base /app /app
# ── Non-root user ────────────────────────────────────────────────────
# Claude Code refuses --dangerously-skip-permissions (bypassPermissions)
# when running as root. Create a dedicated user so agents can launch.
RUN groupadd -r storkit \
&& useradd -r -g storkit -m -d /home/storkit storkit \
&& mkdir -p /home/storkit/.claude \
&& chown -R storkit:storkit /home/storkit \
&& chown -R storkit:storkit /usr/local/cargo /usr/local/rustup \
&& chown -R storkit:storkit /app \
&& mkdir -p /workspace/target /app/target \
&& chown storkit:storkit /workspace/target /app/target
# ── Entrypoint ───────────────────────────────────────────────────────
# Validates required env vars (GIT_USER_NAME, GIT_USER_EMAIL) and
# configures git identity before starting the server.
COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh
USER storkit
WORKDIR /workspace
# ── Ports ────────────────────────────────────────────────────────────
# Web UI + MCP server
EXPOSE 3001
# ── Volumes (defined in docker-compose.yml) ──────────────────────────
# /workspace bind mount: target project repo
# /home/storkit/.claude named volume: Claude Code sessions/state
# /usr/local/cargo/registry named volume: cargo dependency cache
ENTRYPOINT ["entrypoint.sh"]
CMD ["storkit", "/workspace"]

118
docker/docker-compose.yml
View File

@@ -1,118 +0,0 @@
# Story Kit single-container deployment
#
# Usage:
# # Set your API key and project path, then:
# ANTHROPIC_API_KEY=sk-ant-... PROJECT_PATH=/path/to/your/repo \
# docker compose -f docker/docker-compose.yml up
#
# OrbStack users: just install OrbStack and use `docker compose` normally.
# OrbStack's VirtioFS bind mount driver is significantly faster than
# Docker Desktop's default (see spike findings).
services:
storkit:
build:
context: ..
dockerfile: docker/Dockerfile
container_name: storkit
ports:
# Bind to localhost only — not exposed on all interfaces.
- "127.0.0.1:3001:3001"
environment:
# Optional: Anthropic API key. If unset, Claude Code falls back to
# OAuth credentials from `claude login` (e.g. Max subscription).
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
# Required: git identity for agent commits
- GIT_USER_NAME=${GIT_USER_NAME:?Set GIT_USER_NAME}
- GIT_USER_EMAIL=${GIT_USER_EMAIL:?Set GIT_USER_EMAIL}
# Optional: override the server port (default 3001)
- STORKIT_PORT=3001
# Optional: Matrix bot credentials (if using Matrix integration)
- MATRIX_HOMESERVER=${MATRIX_HOMESERVER:-}
- MATRIX_USER=${MATRIX_USER:-}
- MATRIX_PASSWORD=${MATRIX_PASSWORD:-}
# Optional: Slack webhook (if using Slack integration)
- SLACK_BOT_TOKEN=${SLACK_BOT_TOKEN:-}
- SLACK_APP_TOKEN=${SLACK_APP_TOKEN:-}
volumes:
# The target project repo bind-mounted from host.
# Changes made by agents inside the container are immediately
# visible on the host (and vice versa).
- ${PROJECT_PATH:?Set PROJECT_PATH}:/workspace
# Cargo registry cache persists downloaded crates across
# container restarts so `cargo build` doesn't re-download.
- cargo-registry:/usr/local/cargo/registry
# Cargo git checkouts persists git-based dependencies.
- cargo-git:/usr/local/cargo/git
# Claude Code state persists session history, projects config,
# and conversation transcripts so --resume works across restarts.
- claude-state:/home/storkit/.claude
# Storkit source tree for rebuild_and_restart.
# The binary has CARGO_MANIFEST_DIR baked in at compile time
# pointing to /app/server, so the source must be at /app.
# This is COPY'd in the Dockerfile; mounting over it allows
# live source updates without rebuilding the image.
# Mount host source so rebuild_and_restart picks up live changes:
- ./..:/app
# Keep cargo build artifacts off the bind mount.
# Bind-mount directory traversal is ~23x slower than Docker volumes
# (confirmed in spike 329). Cargo stat-checks every file in target/
# on incremental builds — leaving it on the bind mount makes builds
# catastrophically slow (~12s just to traverse the tree).
- workspace-target:/workspace/target
- storkit-target:/app/target
# ── Security hardening ──────────────────────────────────────────
# Read-only root filesystem. Only explicitly mounted volumes and
# tmpfs paths are writable.
read_only: true
tmpfs:
- /tmp:size=512M,exec
- /home/storkit:size=512M,uid=999,gid=999,exec
# Drop all Linux capabilities, then add back only what's needed.
# SETUID/SETGID needed by Claude Code's PTY allocation (openpty).
cap_drop:
- ALL
cap_add:
- SETUID
- SETGID
# Prevent child processes from gaining new privileges via setuid,
# setgid, or other mechanisms.
security_opt:
- no-new-privileges:true
# Resource limits cap the whole system.
# Adjust based on your machine. These are conservative defaults.
deploy:
resources:
limits:
cpus: "4"
memory: 8G
reservations:
cpus: "1"
memory: 2G
# Health check verify the MCP endpoint responds
healthcheck:
test: ["CMD", "curl", "-sf", "http://localhost:3001/health"]
interval: 30s
timeout: 5s
retries: 3
start_period: 10s
# Restart policy restart on crash but not on manual stop
restart: unless-stopped
volumes:
cargo-registry:
cargo-git:
claude-state:
workspace-target:
storkit-target:

24
docker/entrypoint.sh
View File

@@ -1,24 +0,0 @@
#!/bin/sh
set -e
# ── Git identity ─────────────────────────────────────────────────────
# Agents commit code inside the container. Without a git identity,
# commits fail or use garbage defaults. Fail loudly at startup so the
# operator knows immediately.
if [ -z "$GIT_USER_NAME" ]; then
echo "FATAL: GIT_USER_NAME is not set. Export it in your environment or docker-compose.yml." >&2
exit 1
fi
if [ -z "$GIT_USER_EMAIL" ]; then
echo "FATAL: GIT_USER_EMAIL is not set. Export it in your environment or docker-compose.yml." >&2
exit 1
fi
# Use GIT_AUTHOR/COMMITTER env vars instead of git config --global,
# so the root filesystem can stay read-only (no ~/.gitconfig write).
export GIT_AUTHOR_NAME="$GIT_USER_NAME"
export GIT_COMMITTER_NAME="$GIT_USER_NAME"
export GIT_AUTHOR_EMAIL="$GIT_USER_EMAIL"
export GIT_COMMITTER_EMAIL="$GIT_USER_EMAIL"
exec "$@"