plano/Dockerfile

# build docker image for arch gateway
FROM rust:1.93.0 AS builder
RUN rustup -v target add wasm32-wasip1
WORKDIR /arch
COPY crates .
RUN cargo build --release --target wasm32-wasip1 -p prompt_gateway -p llm_gateway
RUN cargo build --release -p brightstaff

FROM docker.io/envoyproxy/envoy:v1.36.4  AS envoy

FROM python:3.13.6-slim AS arch
# Purge PAM to avoid CVE-2025-6020 and install needed tools

# 1) Install what you need while apt still works
RUN set -eux; \
  apt-get update; \
  apt-get install -y --no-install-recommends supervisor gettext-base curl; \
  apt-get clean; rm -rf /var/lib/apt/lists/*

# 2) Force-remove PAM packages (don’t use apt here)
#    We ignore dependencies and remove files so scanners don’t find them.
RUN set -eux; \
  dpkg -r --force-depends libpam-modules libpam-modules-bin libpam-runtime libpam0g || true; \
  dpkg -P --force-all libpam-modules libpam-modules-bin libpam-runtime libpam0g || true; \
  rm -rf /etc/pam.d /lib/*/security /usr/lib/security || true

COPY --from=builder /arch/target/wasm32-wasip1/release/prompt_gateway.wasm /etc/envoy/proxy-wasm-plugins/prompt_gateway.wasm
COPY --from=builder /arch/target/wasm32-wasip1/release/llm_gateway.wasm /etc/envoy/proxy-wasm-plugins/llm_gateway.wasm
COPY --from=builder /arch/target/release/brightstaff /app/brightstaff
COPY --from=envoy /usr/local/bin/envoy /usr/local/bin/envoy

WORKDIR /app

# Install uv using pip
RUN pip install --no-cache-dir uv

# Copy Python dependency files
COPY cli/pyproject.toml ./
COPY cli/uv.lock ./
COPY cli/README.md ./

RUN uv run pip install --no-cache-dir .

# Copy the rest of the application
COPY cli .
COPY config/envoy.template.yaml .
COPY config/arch_config_schema.yaml .
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN mkdir -p /var/log/supervisor && touch /var/log/envoy.log /var/log/supervisor/supervisord.log

RUN mkdir -p /var/log && \
    touch /var/log/access_ingress.log /var/log/access_ingress_prompt.log /var/log/access_internal.log /var/log/access_llm.log /var/log/access_agent.log

ENTRYPOINT ["sh","-c", "/usr/bin/supervisord"]
-												Introduce brightstaff a new terminal service for llm routing (#477)


											
										
										
											2025-05-19 09:59:22 -07:00
+								# build docker image for arch gateway
-												upgrade rust to 1.93.0 and fix pre-commit (#720)


											
										
										
											2026-02-02 11:03:12 -08:00
+								FROM rust:1.93.0 AS builder
-												update rust toolchain to 1.82 (#255)

* update rust to 1.82 pin it, also update envoy to 1.32 and python to 3.13

* use python:3.12
											
										
										
											2024-11-12 10:35:14 -08:00
+								RUN rustup -v target add wasm32-wasip1
-												rename envoyfilter => arch (#91)

* rename envoyfilter => arch

* fix more files

* more fixes

* more renames
											
										
										
											2024-09-27 16:41:39 -07:00
+								WORKDIR /arch
-												split wasm filter (#186)

* split wasm filter

* fix int and unit tests

* rename public_types => common and move common code there

* rename

* fix int test
											
										
										
											2024-10-16 14:20:26 -07:00
+								COPY crates .
-												Introduce brightstaff a new terminal service for llm routing (#477)


											
										
										
											2025-05-19 09:59:22 -07:00
+								RUN cargo build --release --target wasm32-wasip1 -p prompt_gateway -p llm_gateway
 								RUN cargo build --release -p brightstaff
-												Add workflow logic for weather forecast demo (#24)


											
										
										
											2024-07-30 16:23:23 -07:00
-												update envoy to 1.36.4 (#662)


											
										
										
											2025-12-25 20:54:30 -08:00
+								FROM docker.io/envoyproxy/envoy:v1.36.4  AS envoy
-												simplify developer getting started experience (#102)

* Fixed build. Now, we have a bare bones version of the docker-compose file with only two services, archgw and archgw-model-server. Tested using CLI

* some pre-commit fixes

* fixed cargo formatting issues

* fixed model server conflict changes

---------

Co-authored-by: Salman Paracha <salmanparacha@MacBook-Pro-261.local>
											
										
										
											2024-10-01 10:02:23 -07:00
-												update base image to python3.13 (#554)


											
										
										
											2025-08-13 14:20:46 -07:00
+								FROM python:3.13.6-slim AS arch
-												fix cve_2025-6020 by removing libpam (#551)

* fix cve_2025-6020 by removing libpam

* Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
											
										
										
											2025-08-12 13:20:04 -07:00
+								# Purge PAM to avoid CVE-2025-6020 and install needed tools
 								# 1) Install what you need while apt still works
 								RUN set -eux; \
 								  apt-get update; \
 								  apt-get install -y --no-install-recommends supervisor gettext-base curl; \
 								  apt-get clean; rm -rf /var/lib/apt/lists/*
 								# 2) Force-remove PAM packages (don’t use apt here)
 								#    We ignore dependencies and remove files so scanners don’t find them.
 								RUN set -eux; \
 								  dpkg -r --force-depends libpam-modules libpam-modules-bin libpam-runtime libpam0g || true; \
 								  dpkg -P --force-all libpam-modules libpam-modules-bin libpam-runtime libpam0g || true; \
 								  rm -rf /etc/pam.d /lib/*/security /usr/lib/security || true
-												Add support for streaming and fixes few issues (see description) (#202)


											
										
										
											2024-10-28 20:05:06 -04:00
-												update rust toolchain to 1.82 (#255)

* update rust to 1.82 pin it, also update envoy to 1.32 and python to 3.13

* use python:3.12
											
										
										
											2024-11-12 10:35:14 -08:00
+								COPY --from=builder /arch/target/wasm32-wasip1/release/prompt_gateway.wasm /etc/envoy/proxy-wasm-plugins/prompt_gateway.wasm
 								COPY --from=builder /arch/target/wasm32-wasip1/release/llm_gateway.wasm /etc/envoy/proxy-wasm-plugins/llm_gateway.wasm
-												Introduce brightstaff a new terminal service for llm routing (#477)


											
										
										
											2025-05-19 09:59:22 -07:00
+								COPY --from=builder /arch/target/release/brightstaff /app/brightstaff
-												simplify developer getting started experience (#102)

* Fixed build. Now, we have a bare bones version of the docker-compose file with only two services, archgw and archgw-model-server. Tested using CLI

* some pre-commit fixes

* fixed cargo formatting issues

* fixed model server conflict changes

---------

Co-authored-by: Salman Paracha <salmanparacha@MacBook-Pro-261.local>
											
										
										
											2024-10-01 10:02:23 -07:00
+								COPY --from=envoy /usr/local/bin/envoy /usr/local/bin/envoy
-												Introduce brightstaff a new terminal service for llm routing (#477)


											
										
										
											2025-05-19 09:59:22 -07:00
-												move custom tracer to llm filter (#267)


											
										
										
											2024-11-15 10:44:01 -08:00
+								WORKDIR /app
-												use uv instead of poetry (#663)


											
										
										
											2025-12-26 11:21:42 -08:00
 								# Install uv using pip
 								RUN pip install --no-cache-dir uv
 								# Copy Python dependency files
 								COPY cli/pyproject.toml ./
 								COPY cli/uv.lock ./
 								COPY cli/README.md ./
 								RUN uv run pip install --no-cache-dir .
 								# Copy the rest of the application
-												restructure cli (#656)


											
										
										
											2025-12-25 14:55:29 -08:00
+								COPY cli .
 								COPY config/envoy.template.yaml .
 								COPY config/arch_config_schema.yaml .
 								COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-												fix cve_2025-6020 by removing libpam (#551)

* fix cve_2025-6020 by removing libpam

* Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
											
										
										
											2025-08-12 13:20:04 -07:00
+								RUN mkdir -p /var/log/supervisor && touch /var/log/envoy.log /var/log/supervisor/supervisord.log
-												Introduce brightstaff a new terminal service for llm routing (#477)


											
										
										
											2025-05-19 09:59:22 -07:00
-												stream access logs and improve access log format (#581)


											
										
										
											2025-09-30 18:46:13 -07:00
+								RUN mkdir -p /var/log && \
-												ensure that request id is consistent (#677)

* ensure that request id is consistent

* remove test debug/info statements
											
										
										
											2026-01-07 08:44:41 -08:00
+								    touch /var/log/access_ingress.log /var/log/access_ingress_prompt.log /var/log/access_internal.log /var/log/access_llm.log /var/log/access_agent.log
-												stream access logs and improve access log format (#581)


											
										
										
											2025-09-30 18:46:13 -07:00
-												Introduce brightstaff a new terminal service for llm routing (#477)


											
										
										
											2025-05-19 09:59:22 -07:00
+								ENTRYPOINT ["sh","-c", "/usr/bin/supervisord"]