feat: add shannon

2026-04-01 17:33:42 +08:00
parent b55fa9819b
commit 6ae63c5d86
16 changed files with 820 additions and 19 deletions
@@ -0,0 +1,172 @@
+# Global Settings
+GLOBAL_REGISTRY=
+TZ=UTC
+
+# Shannon Version (applies to gateway, orchestrator, llm-service, and agent-core)
+SHANNON_VERSION=v0.3.1
+
+# ============================================================
+# LLM API Keys — at least one provider is required
+# ============================================================
+OPENAI_API_KEY=
+ANTHROPIC_API_KEY=
+GOOGLE_API_KEY=
+XAI_API_KEY=
+DEEPSEEK_API_KEY=
+
+# Optional tool/search API keys
+SERPAPI_API_KEY=
+FIRECRAWL_API_KEY=
+
+# ============================================================
+# Security
+# ============================================================
+# IMPORTANT: Change this in production!
+JWT_SECRET=development-only-secret-change-in-production
+
+# Set to 0 to enable JWT authentication in production
+GATEWAY_SKIP_AUTH=1
+
+# ============================================================
+# Service Versions
+# ============================================================
+POSTGRES_VERSION=pg16
+REDIS_VERSION=7.2-alpine
+QDRANT_VERSION=v1.17
+TEMPORAL_VERSION=1.28.3
+TEMPORAL_UI_VERSION=2.40.1
+
+# ============================================================
+# Ports (host-side overrides)
+# ============================================================
+GATEWAY_PORT_OVERRIDE=8080
+TEMPORAL_UI_PORT_OVERRIDE=8088
+
+# ============================================================
+# Database Configuration
+# ============================================================
+POSTGRES_USER=shannon
+POSTGRES_PASSWORD=shannon
+POSTGRES_DB=shannon
+POSTGRES_PORT=5432
+POSTGRES_SSLMODE=disable
+
+# ============================================================
+# Redis Configuration
+# ============================================================
+REDIS_URL=redis://redis:6379
+REDIS_ADDR=redis:6379
+REDIS_TTL_SECONDS=3600
+
+# ============================================================
+# Qdrant Configuration
+# ============================================================
+QDRANT_HOST=qdrant
+QDRANT_PORT=6333
+
+# ============================================================
+# Temporal Configuration
+# ============================================================
+TEMPORAL_NAMESPACE=default
+
+# ============================================================
+# LLM Service Configuration
+# ============================================================
+LLM_SERVICE_URL=http://llm-service:8001
+DEFAULT_MODEL_TIER=small
+MAX_TOKENS=2000
+TEMPERATURE=0.7
+MAX_TOKENS_PER_REQUEST=10000
+MODELS_CONFIG_PATH=/app/config/models.yaml
+
+# ============================================================
+# Agent Core Configuration
+# ============================================================
+# WASI sandbox for secure code execution
+SHANNON_USE_WASI_SANDBOX=1
+WASI_MEMORY_LIMIT_MB=512
+WASI_TIMEOUT_SECONDS=60
+RUST_LOG=info
+
+# ============================================================
+# Orchestrator / Gateway Configuration
+# ============================================================
+ORCHESTRATOR_GRPC=orchestrator:50052
+ADMIN_SERVER=http://orchestrator:8081
+WORKFLOW_SYNTH_BYPASS_SINGLE=true
+PROVIDER_RATE_CONTROL_ENABLED=false
+
+# Worker pool sizes per priority queue
+WORKER_ACT_CRITICAL=12
+WORKER_WF_CRITICAL=12
+WORKER_ACT_HIGH=10
+WORKER_WF_HIGH=10
+WORKER_ACT_NORMAL=8
+WORKER_WF_NORMAL=8
+WORKER_ACT_LOW=4
+WORKER_WF_LOW=4
+
+# ============================================================
+# Observability
+# ============================================================
+OTEL_ENABLED=false
+# OTEL_EXPORTER_OTLP_ENDPOINT=localhost:4317
+DEBUG=false
+ENVIRONMENT=production
+
+# ============================================================
+# Resource Limits
+# ============================================================
+# Gateway
+GATEWAY_CPU_LIMIT=1.0
+GATEWAY_MEMORY_LIMIT=512M
+GATEWAY_CPU_RESERVATION=0.25
+GATEWAY_MEMORY_RESERVATION=256M
+
+# Orchestrator
+ORCHESTRATOR_CPU_LIMIT=2.0
+ORCHESTRATOR_MEMORY_LIMIT=2G
+ORCHESTRATOR_CPU_RESERVATION=0.5
+ORCHESTRATOR_MEMORY_RESERVATION=512M
+
+# LLM Service
+LLM_SERVICE_CPU_LIMIT=2.0
+LLM_SERVICE_MEMORY_LIMIT=2G
+LLM_SERVICE_CPU_RESERVATION=0.5
+LLM_SERVICE_MEMORY_RESERVATION=512M
+
+# Agent Core
+AGENT_CORE_CPU_LIMIT=2.0
+AGENT_CORE_MEMORY_LIMIT=2G
+AGENT_CORE_CPU_RESERVATION=0.5
+AGENT_CORE_MEMORY_RESERVATION=512M
+
+# PostgreSQL
+POSTGRES_CPU_LIMIT=1.0
+POSTGRES_MEMORY_LIMIT=1G
+POSTGRES_CPU_RESERVATION=0.25
+POSTGRES_MEMORY_RESERVATION=256M
+
+# Redis
+REDIS_CPU_LIMIT=0.5
+REDIS_MEMORY_LIMIT=512M
+REDIS_CPU_RESERVATION=0.1
+REDIS_MEMORY_RESERVATION=128M
+
+# Qdrant
+QDRANT_CPU_LIMIT=1.0
+QDRANT_MEMORY_LIMIT=1G
+QDRANT_CPU_RESERVATION=0.25
+QDRANT_MEMORY_RESERVATION=256M
+
+# Temporal
+TEMPORAL_CPU_LIMIT=1.0
+TEMPORAL_MEMORY_LIMIT=1G
+TEMPORAL_CPU_RESERVATION=0.25
+TEMPORAL_MEMORY_RESERVATION=256M
+
+# Temporal UI (metrics profile)
+TEMPORAL_UI_CPU_LIMIT=0.5
+TEMPORAL_UI_MEMORY_LIMIT=256M
+TEMPORAL_UI_CPU_RESERVATION=0.1
+TEMPORAL_UI_MEMORY_RESERVATION=128M
@@ -0,0 +1,41 @@
+.PHONY: setup up down logs ps
+
+# Download required config files from Shannon repository and prepare .env
+setup:
+	@echo "Creating config directory..."
+	mkdir -p config
+	@echo "Downloading Shannon configuration files..."
+	curl -sSL https://raw.githubusercontent.com/Kocoro-lab/Shannon/main/config/models.yaml \
+		-o config/models.yaml
+	curl -sSL https://raw.githubusercontent.com/Kocoro-lab/Shannon/main/config/features.yaml \
+		-o config/features.yaml
+	@if [ ! -f .env ]; then \
+		cp .env.example .env; \
+		echo "Created .env from .env.example. Edit it to add your LLM API keys."; \
+	else \
+		echo ".env already exists, skipping copy."; \
+	fi
+	@echo ""
+	@echo "Setup complete! Next steps:"
+	@echo "  1. Edit .env and set at least one LLM API key (OPENAI_API_KEY or ANTHROPIC_API_KEY)"
+	@echo "  2. Run: make up"
+
+# Start all services (include Temporal UI dashboard with --profile metrics)
+up:
+	docker compose up -d
+
+# Start all services including Temporal UI monitoring dashboard
+up-monitoring:
+	docker compose --profile metrics up -d
+
+# Stop all services
+down:
+	docker compose down
+
+# View logs for all services
+logs:
+	docker compose logs -f
+
+# Show service status
+ps:
+	docker compose ps
@@ -0,0 +1,125 @@
+# Shannon
+
+[English](./README.md) | [中文](./README.zh.md)
+
+This service deploys [Shannon](https://github.com/Kocoro-lab/Shannon), a production-oriented multi-agent orchestration framework. Shannon provides time-travel debugging via Temporal workflows, hard token budgets per task/agent, real-time observability dashboards, WASI sandbox for secure code execution, OPA policy governance, and multi-tenant isolation — all with native support for OpenAI, Anthropic, Google, DeepSeek, and local models.
+
+> **Note:** The `agent-core` service is only built for `linux/amd64`. On Apple Silicon (ARM64), Docker Desktop uses Rosetta emulation automatically.
+
+## Services
+
+- **gateway**: HTTP API gateway — primary entry point for all client requests (port `8080`)
+- **orchestrator**: Core workflow orchestration engine powered by Temporal
+- **llm-service**: LLM provider abstraction with model routing, fallback, and budget control
+- **agent-core**: Rust-based agent execution runtime with WASI sandbox support
+- **postgres**: PostgreSQL with pgvector extension for state and vector storage
+- **redis**: Redis for caching, job queues, and rate limiting
+- **qdrant**: Qdrant vector database for semantic memory
+- **temporal**: Temporal workflow engine for durable, fault-tolerant task execution
+- **temporal-ui**: Temporal Web UI for workflow debugging (enabled via `metrics` profile)
+
+## Quick Start
+
+### Prerequisites
+
+- Docker & Docker Compose v2
+- `curl` (for the setup script)
+- At least one LLM API key (OpenAI, Anthropic, Google, etc.)
+
+### 1. Run Setup
+
+```bash
+make setup
+```
+
+This downloads the required `config/models.yaml` and `config/features.yaml` from the Shannon repository and creates a local `.env` file.
+
+### 2. Add Your LLM API Key
+
+Edit `.env` and set at least one LLM provider key:
+
+```env
+# Choose at least one:
+OPENAI_API_KEY=sk-...
+ANTHROPIC_API_KEY=sk-ant-...
+```
+
+Also update `JWT_SECRET` and set `GATEWAY_SKIP_AUTH=0` for production deployments.
+
+### 3. Start Services
+
+```bash
+make up
+```
+
+Access the Shannon API at `http://localhost:8080`.
+
+### 4. (Optional) Enable Temporal UI Dashboard
+
+To also start the Temporal workflow debugging UI:
+
+```bash
+make up-monitoring
+```
+
+Access Temporal UI at `http://localhost:8088`.
+
+## Core Environment Variables
+
+| Variable                    | Description                                | Default                                        |
+| --------------------------- | ------------------------------------------ | ---------------------------------------------- |
+| `SHANNON_VERSION`           | Version for all Shannon service images     | `v0.3.1`                                       |
+| `OPENAI_API_KEY`            | OpenAI API key (at least one key required) | ``                                             |
+| `ANTHROPIC_API_KEY`         | Anthropic API key                          | ``                                             |
+| `GOOGLE_API_KEY`            | Google AI API key                          | ``                                             |
+| `JWT_SECRET`                | Secret for JWT token signing               | `development-only-secret-change-in-production` |
+| `GATEWAY_SKIP_AUTH`         | Skip auth (set to `0` to enable in prod)   | `1`                                            |
+| `GATEWAY_PORT_OVERRIDE`     | Host port for the API gateway              | `8080`                                         |
+| `TEMPORAL_UI_PORT_OVERRIDE` | Host port for the Temporal UI              | `8088`                                         |
+
+## Database Configuration
+
+| Variable            | Description              | Default      |
+| ------------------- | ------------------------ | ------------ |
+| `POSTGRES_VERSION`  | pgvector image tag       | `pg16`       |
+| `POSTGRES_USER`     | PostgreSQL username      | `shannon`    |
+| `POSTGRES_PASSWORD` | PostgreSQL password      | `shannon`    |
+| `POSTGRES_DB`       | PostgreSQL database name | `shannon`    |
+| `REDIS_VERSION`     | Redis image tag          | `7.2-alpine` |
+| `QDRANT_VERSION`    | Qdrant image tag         | `v1.17`      |
+
+## Agent Configuration
+
+| Variable                   | Description                            | Default   |
+| -------------------------- | -------------------------------------- | --------- |
+| `DEFAULT_MODEL_TIER`       | Default model complexity tier          | `small`   |
+| `SHANNON_USE_WASI_SANDBOX` | Enable WASI sandbox for code execution | `1`       |
+| `WASI_MEMORY_LIMIT_MB`     | Memory limit for WASI sandbox (MB)     | `512`     |
+| `WASI_TIMEOUT_SECONDS`     | Execution timeout for WASI sandbox     | `60`      |
+| `TEMPORAL_NAMESPACE`       | Temporal namespace for workflows       | `default` |
+
+## Observability (Optional)
+
+| Variable                      | Description                  | Default |
+| ----------------------------- | ---------------------------- | ------- |
+| `OTEL_ENABLED`                | Enable OpenTelemetry tracing | `false` |
+| `OTEL_EXPORTER_OTLP_ENDPOINT` | OTLP collector endpoint      | ``      |
+
+## Security Notes
+
+- By default, `GATEWAY_SKIP_AUTH=1` disables JWT authentication for easy local development.
+- **For production**, set `GATEWAY_SKIP_AUTH=0` and use a strong `JWT_SECRET`.
+- Passwords in `.env.example` are for local development only — always change them before deploying to a shared or public environment.
+
+## Configuration Files
+
+Shannon uses YAML configuration files under `./config/`:
+
+- `config/models.yaml` — LLM providers, model tiers, pricing, and routing rules
+- `config/features.yaml` — Feature flags, execution modes, and workflow settings
+
+These are downloaded from the official Shannon repository by `make setup` and can be customized as needed.
+
+## License
+
+Shannon is licensed under the [Apache 2.0 License](https://github.com/Kocoro-lab/Shannon/blob/main/LICENSE).
@@ -0,0 +1,125 @@
+# Shannon
+
+[English](./README.md) | [中文](./README.zh.md)
+
+本服务部署 [Shannon](https://github.com/Kocoro-lab/Shannon)，一个面向生产环境的多智能体编排框架。Shannon 通过 Temporal 工作流引擎提供时光回溯调试能力、按任务 / 智能体的硬性 Token 预算控制、实时可观测性仪表盘、WASI 沙箱安全代码执行、OPA 策略治理以及多租户隔离，并原生支持 OpenAI、Anthropic、Google、DeepSeek 及本地模型。
+
+> **注意：** `agent-core` 服务仅构建了 `linux/amd64` 镜像。在 Apple Silicon（ARM64）上，Docker Desktop 会自动通过 Rosetta 进行仿真运行。
+
+## 服务说明
+
+- **gateway**：HTTP API 网关 —— 所有客户端请求的主入口（端口 `8080`）
+- **orchestrator**：基于 Temporal 的核心工作流编排引擎
+- **llm-service**：LLM 提供商抽象层，支持模型路由、故障转移和预算控制
+- **agent-core**：基于 Rust 的智能体执行运行时，支持 WASI 沙箱
+- **postgres**：带 pgvector 扩展的 PostgreSQL，用于状态和向量存储
+- **redis**：Redis，用于缓存、任务队列和限流
+- **qdrant**：Qdrant 向量数据库，用于语义记忆
+- **temporal**：Temporal 工作流引擎，提供可持久、容错的任务执行
+- **temporal-ui**：Temporal Web UI，用于工作流调试（通过 `metrics` profile 启用）
+
+## 快速开始
+
+### 前置条件
+
+- Docker 及 Docker Compose v2
+- `curl`（用于下载配置文件）
+- 至少一个 LLM API 密钥（OpenAI、Anthropic、Google 等）
+
+### 1. 运行初始化
+
+```bash
+make setup
+```
+
+该命令会从 Shannon 代码仓库下载所需的 `config/models.yaml` 和 `config/features.yaml` 配置文件，并创建本地 `.env` 文件。
+
+### 2. 填写 LLM API 密钥
+
+编辑 `.env` 文件，至少设置一个 LLM 提供商的密钥：
+
+```env
+# 至少选择一个：
+OPENAI_API_KEY=sk-...
+ANTHROPIC_API_KEY=sk-ant-...
+```
+
+在生产环境中，还需要更新 `JWT_SECRET` 并将 `GATEWAY_SKIP_AUTH` 设为 `0`。
+
+### 3. 启动服务
+
+```bash
+make up
+```
+
+通过 `http://localhost:8080` 访问 Shannon API。
+
+### 4. （可选）启用 Temporal UI 仪表盘
+
+若需同时启动 Temporal 工作流调试界面：
+
+```bash
+make up-monitoring
+```
+
+通过 `http://localhost:8088` 访问 Temporal UI。
+
+## 核心环境变量
+
+| 变量名                      | 说明                                      | 默认值                                         |
+| --------------------------- | ----------------------------------------- | ---------------------------------------------- |
+| `SHANNON_VERSION`           | 所有 Shannon 服务镜像的版本号             | `v0.3.1`                                       |
+| `OPENAI_API_KEY`            | OpenAI API 密钥（至少需要一个提供商密钥） | ``                                             |
+| `ANTHROPIC_API_KEY`         | Anthropic API 密钥                        | ``                                             |
+| `GOOGLE_API_KEY`            | Google AI API 密钥                        | ``                                             |
+| `JWT_SECRET`                | JWT Token 签名密钥                        | `development-only-secret-change-in-production` |
+| `GATEWAY_SKIP_AUTH`         | 跳过身份验证（生产环境请设为 `0`）        | `1`                                            |
+| `GATEWAY_PORT_OVERRIDE`     | API 网关的宿主机端口                      | `8080`                                         |
+| `TEMPORAL_UI_PORT_OVERRIDE` | Temporal UI 的宿主机端口                  | `8088`                                         |
+
+## 数据库配置
+
+| 变量名              | 说明                | 默认值       |
+| ------------------- | ------------------- | ------------ |
+| `POSTGRES_VERSION`  | pgvector 镜像标签   | `pg16`       |
+| `POSTGRES_USER`     | PostgreSQL 用户名   | `shannon`    |
+| `POSTGRES_PASSWORD` | PostgreSQL 密码     | `shannon`    |
+| `POSTGRES_DB`       | PostgreSQL 数据库名 | `shannon`    |
+| `REDIS_VERSION`     | Redis 镜像标签      | `7.2-alpine` |
+| `QDRANT_VERSION`    | Qdrant 镜像标签     | `v1.17`      |
+
+## 智能体配置
+
+| 变量名                     | 说明                        | 默认值    |
+| -------------------------- | --------------------------- | --------- |
+| `DEFAULT_MODEL_TIER`       | 默认模型复杂度层级          | `small`   |
+| `SHANNON_USE_WASI_SANDBOX` | 启用 WASI 沙箱执行代码      | `1`       |
+| `WASI_MEMORY_LIMIT_MB`     | WASI 沙箱内存限制（MB）     | `512`     |
+| `WASI_TIMEOUT_SECONDS`     | WASI 沙箱执行超时时间（秒） | `60`      |
+| `TEMPORAL_NAMESPACE`       | Temporal 工作流命名空间     | `default` |
+
+## 可观测性（可选）
+
+| 变量名                        | 说明                        | 默认值  |
+| ----------------------------- | --------------------------- | ------- |
+| `OTEL_ENABLED`                | 启用 OpenTelemetry 链路追踪 | `false` |
+| `OTEL_EXPORTER_OTLP_ENDPOINT` | OTLP 采集器端点             | ``      |
+
+## 安全说明
+
+- 默认情况下，`GATEWAY_SKIP_AUTH=1` 会禁用 JWT 身份验证，便于本地开发。
+- **生产环境**请将 `GATEWAY_SKIP_AUTH` 设为 `0`，并使用强密钥替换 `JWT_SECRET`。
+- `.env.example` 中的密码仅供本地开发使用，在部署到共享或公开环境前务必修改。
+
+## 配置文件说明
+
+Shannon 使用 `./config/` 目录下的 YAML 配置文件：
+
+- `config/models.yaml` —— LLM 提供商、模型层级、定价及路由规则
+- `config/features.yaml` —— 功能开关、执行模式及工作流设置
+
+这些文件通过 `make setup` 从 Shannon 官方代码仓库下载，可根据需要自定义。
+
+## 开源协议
+
+Shannon 采用 [Apache 2.0 协议](https://github.com/Kocoro-lab/Shannon/blob/main/LICENSE) 开源。
@@ -0,0 +1,353 @@
+# Shannon - Production-Oriented Multi-Agent Orchestration Framework
+# https://github.com/Kocoro-lab/Shannon
+#
+# NOTE: Run `make setup` before first launch to download required config files
+# and create your .env file, then add at least one LLM API key.
+
+x-defaults: &defaults
+  restart: unless-stopped
+  logging:
+    driver: json-file
+    options:
+      max-size: 100m
+      max-file: '3'
+
+x-shannon-config: &shannon-config
+  volumes:
+    - ./config:/app/config:ro
+
+services:
+  postgres:
+    <<: *defaults
+    image: ${GLOBAL_REGISTRY:-}pgvector/pgvector:${POSTGRES_VERSION:-pg16}
+    environment:
+      TZ: ${TZ:-UTC}
+      POSTGRES_USER: ${POSTGRES_USER:-shannon}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-shannon}
+      POSTGRES_DB: ${POSTGRES_DB:-shannon}
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: [CMD-SHELL, 'pg_isready -U ${POSTGRES_USER:-shannon} -d ${POSTGRES_DB:-shannon}']
+      interval: 5s
+      timeout: 5s
+      retries: 20
+      start_period: 15s
+    deploy:
+      resources:
+        limits:
+          cpus: ${POSTGRES_CPU_LIMIT:-1.0}
+          memory: ${POSTGRES_MEMORY_LIMIT:-1G}
+        reservations:
+          cpus: ${POSTGRES_CPU_RESERVATION:-0.25}
+          memory: ${POSTGRES_MEMORY_RESERVATION:-256M}
+
+  redis:
+    <<: *defaults
+    image: ${GLOBAL_REGISTRY:-}redis:${REDIS_VERSION:-7.2-alpine}
+    volumes:
+      - redis_data:/data
+    healthcheck:
+      test: [CMD, redis-cli, ping]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+      start_period: 5s
+    deploy:
+      resources:
+        limits:
+          cpus: ${REDIS_CPU_LIMIT:-0.5}
+          memory: ${REDIS_MEMORY_LIMIT:-512M}
+        reservations:
+          cpus: ${REDIS_CPU_RESERVATION:-0.1}
+          memory: ${REDIS_MEMORY_RESERVATION:-128M}
+
+  qdrant:
+    <<: *defaults
+    image: ${GLOBAL_REGISTRY:-}qdrant/qdrant:${QDRANT_VERSION:-v1.17}
+    environment:
+      TZ: ${TZ:-UTC}
+    volumes:
+      - qdrant_data:/qdrant/storage
+    healthcheck:
+      test: [CMD-SHELL, 'wget -qO- http://localhost:6333/health | grep -q ok || exit 1']
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 15s
+    deploy:
+      resources:
+        limits:
+          cpus: ${QDRANT_CPU_LIMIT:-1.0}
+          memory: ${QDRANT_MEMORY_LIMIT:-1G}
+        reservations:
+          cpus: ${QDRANT_CPU_RESERVATION:-0.25}
+          memory: ${QDRANT_MEMORY_RESERVATION:-256M}
+
+  temporal:
+    <<: *defaults
+    image: ${GLOBAL_REGISTRY:-}temporalio/auto-setup:${TEMPORAL_VERSION:-1.28.3}
+    environment:
+      TZ: ${TZ:-UTC}
+      DB: postgres12
+      DB_PORT: ${POSTGRES_PORT:-5432}
+      POSTGRES_USER: ${POSTGRES_USER:-shannon}
+      POSTGRES_PWD: ${POSTGRES_PASSWORD:-shannon}
+      POSTGRES_SEEDS: postgres
+    depends_on:
+      postgres:
+        condition: service_healthy
+    healthcheck:
+      test: [CMD-SHELL, 'temporal operator cluster health --address localhost:7233 | grep -q SERVING || exit 1']
+      interval: 15s
+      timeout: 10s
+      retries: 10
+      start_period: 60s
+    deploy:
+      resources:
+        limits:
+          cpus: ${TEMPORAL_CPU_LIMIT:-1.0}
+          memory: ${TEMPORAL_MEMORY_LIMIT:-1G}
+        reservations:
+          cpus: ${TEMPORAL_CPU_RESERVATION:-0.25}
+          memory: ${TEMPORAL_MEMORY_RESERVATION:-256M}
+
+  temporal-ui:
+    <<: *defaults
+    image: ${GLOBAL_REGISTRY:-}temporalio/ui:${TEMPORAL_UI_VERSION:-2.40.1}
+    environment:
+      TZ: ${TZ:-UTC}
+      TEMPORAL_ADDRESS: temporal:7233
+    ports:
+      - '${TEMPORAL_UI_PORT_OVERRIDE:-8088}:8080'
+    depends_on:
+      temporal:
+        condition: service_healthy
+    healthcheck:
+      test: [CMD-SHELL, 'wget -qO- http://localhost:8080 > /dev/null || exit 1']
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    profiles:
+      - metrics
+    deploy:
+      resources:
+        limits:
+          cpus: ${TEMPORAL_UI_CPU_LIMIT:-0.5}
+          memory: ${TEMPORAL_UI_MEMORY_LIMIT:-256M}
+        reservations:
+          cpus: ${TEMPORAL_UI_CPU_RESERVATION:-0.1}
+          memory: ${TEMPORAL_UI_MEMORY_RESERVATION:-128M}
+
+  llm-service:
+    <<: [*defaults, *shannon-config]
+    image: ${GLOBAL_REGISTRY:-}waylandzhang/llm-service:${SHANNON_VERSION:-v0.3.1}
+    environment:
+      TZ: ${TZ:-UTC}
+      # LLM API Keys (at least one is required)
+      OPENAI_API_KEY: ${OPENAI_API_KEY:-}
+      ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
+      GOOGLE_API_KEY: ${GOOGLE_API_KEY:-}
+      XAI_API_KEY: ${XAI_API_KEY:-}
+      DEEPSEEK_API_KEY: ${DEEPSEEK_API_KEY:-}
+      # Optional search/tool API keys
+      SERPAPI_API_KEY: ${SERPAPI_API_KEY:-}
+      FIRECRAWL_API_KEY: ${FIRECRAWL_API_KEY:-}
+      # Internal service configuration
+      POSTGRES_HOST: postgres
+      POSTGRES_PORT: ${POSTGRES_PORT:-5432}
+      POSTGRES_USER: ${POSTGRES_USER:-shannon}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-shannon}
+      POSTGRES_DB: ${POSTGRES_DB:-shannon}
+      POSTGRES_SSLMODE: ${POSTGRES_SSLMODE:-disable}
+      REDIS_URL: ${REDIS_URL:-redis://redis:6379}
+      REDIS_ADDR: ${REDIS_ADDR:-redis:6379}
+      QDRANT_HOST: ${QDRANT_HOST:-qdrant}
+      QDRANT_PORT: ${QDRANT_PORT:-6333}
+      AGENT_CORE_ADDR: agent-core:50051
+      # Config paths
+      LLM_CONFIG_PATH: /app/config
+      MODELS_CONFIG_PATH: ${MODELS_CONFIG_PATH:-/app/config/models.yaml}
+      # Model selection
+      DEFAULT_MODEL_TIER: ${DEFAULT_MODEL_TIER:-small}
+      MAX_TOKENS: ${MAX_TOKENS:-2000}
+      TEMPERATURE: ${TEMPERATURE:-0.7}
+      MAX_TOKENS_PER_REQUEST: ${MAX_TOKENS_PER_REQUEST:-10000}
+      # Telemetry
+      OTEL_ENABLED: ${OTEL_ENABLED:-false}
+      DEBUG: ${DEBUG:-false}
+      ENVIRONMENT: ${ENVIRONMENT:-production}
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+      qdrant:
+        condition: service_healthy
+      agent-core:
+        condition: service_started
+    healthcheck:
+      test: [CMD-SHELL, 'wget -qO- http://localhost:8001/health > /dev/null || exit 1']
+      interval: 15s
+      timeout: 5s
+      retries: 10
+      start_period: 30s
+    deploy:
+      resources:
+        limits:
+          cpus: ${LLM_SERVICE_CPU_LIMIT:-2.0}
+          memory: ${LLM_SERVICE_MEMORY_LIMIT:-2G}
+        reservations:
+          cpus: ${LLM_SERVICE_CPU_RESERVATION:-0.5}
+          memory: ${LLM_SERVICE_MEMORY_RESERVATION:-512M}
+
+  agent-core:
+    <<: [*defaults, *shannon-config]
+    # Note: agent-core is only built for linux/amd64.
+    # On Apple Silicon (ARM64), Docker Desktop uses Rosetta emulation automatically.
+    image: ${GLOBAL_REGISTRY:-}waylandzhang/agent-core:${SHANNON_VERSION:-v0.3.1}
+    platform: linux/amd64
+    environment:
+      TZ: ${TZ:-UTC}
+      RUST_LOG: ${RUST_LOG:-info}
+      CONFIG_PATH: /app/config/features.yaml
+      WASI_MEMORY_LIMIT_MB: ${WASI_MEMORY_LIMIT_MB:-512}
+      WASI_TIMEOUT_SECONDS: ${WASI_TIMEOUT_SECONDS:-60}
+      SHANNON_USE_WASI_SANDBOX: ${SHANNON_USE_WASI_SANDBOX:-1}
+      ENFORCE_TIMEOUT_SECONDS: ${ENFORCE_TIMEOUT_SECONDS:-300}
+      ENFORCE_MAX_TOKENS: ${ENFORCE_MAX_TOKENS:-32768}
+      OTEL_ENABLED: ${OTEL_ENABLED:-false}
+    volumes:
+      - ./config:/app/config:ro
+      - shannon_sessions:/app/sessions
+    healthcheck:
+      test: [CMD-SHELL, 'pgrep -x shannon-agent-core > /dev/null || exit 1']
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    deploy:
+      resources:
+        limits:
+          cpus: ${AGENT_CORE_CPU_LIMIT:-2.0}
+          memory: ${AGENT_CORE_MEMORY_LIMIT:-2G}
+        reservations:
+          cpus: ${AGENT_CORE_CPU_RESERVATION:-0.5}
+          memory: ${AGENT_CORE_MEMORY_RESERVATION:-512M}
+
+  orchestrator:
+    <<: [*defaults, *shannon-config]
+    image: ${GLOBAL_REGISTRY:-}waylandzhang/orchestrator:${SHANNON_VERSION:-v0.3.1}
+    environment:
+      TZ: ${TZ:-UTC}
+      # Temporal workflow engine
+      TEMPORAL_HOST_PORT: temporal:7233
+      TEMPORAL_NAMESPACE: ${TEMPORAL_NAMESPACE:-default}
+      # Internal service URLs
+      LLM_SERVICE_URL: ${LLM_SERVICE_URL:-http://llm-service:8001}
+      QDRANT_HOST: ${QDRANT_HOST:-qdrant}
+      QDRANT_PORT: ${QDRANT_PORT:-6333}
+      # Database and cache
+      POSTGRES_HOST: postgres
+      POSTGRES_PORT: ${POSTGRES_PORT:-5432}
+      POSTGRES_USER: ${POSTGRES_USER:-shannon}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-shannon}
+      POSTGRES_DB: ${POSTGRES_DB:-shannon}
+      POSTGRES_SSLMODE: ${POSTGRES_SSLMODE:-disable}
+      REDIS_ADDR: ${REDIS_ADDR:-redis:6379}
+      REDIS_URL: ${REDIS_URL:-redis://redis:6379}
+      REDIS_TTL_SECONDS: ${REDIS_TTL_SECONDS:-3600}
+      # Worker pool sizing
+      WORKER_ACT_CRITICAL: ${WORKER_ACT_CRITICAL:-12}
+      WORKER_WF_CRITICAL: ${WORKER_WF_CRITICAL:-12}
+      WORKER_ACT_HIGH: ${WORKER_ACT_HIGH:-10}
+      WORKER_WF_HIGH: ${WORKER_WF_HIGH:-10}
+      WORKER_ACT_NORMAL: ${WORKER_ACT_NORMAL:-8}
+      WORKER_WF_NORMAL: ${WORKER_WF_NORMAL:-8}
+      WORKER_ACT_LOW: ${WORKER_ACT_LOW:-4}
+      WORKER_WF_LOW: ${WORKER_WF_LOW:-4}
+      # Workflow settings
+      WORKFLOW_SYNTH_BYPASS_SINGLE: ${WORKFLOW_SYNTH_BYPASS_SINGLE:-true}
+      PROVIDER_RATE_CONTROL_ENABLED: ${PROVIDER_RATE_CONTROL_ENABLED:-false}
+      # Security
+      JWT_SECRET: ${JWT_SECRET:-development-only-secret-change-in-production}
+      # Telemetry
+      OTEL_ENABLED: ${OTEL_ENABLED:-false}
+      DEBUG: ${DEBUG:-false}
+      ENVIRONMENT: ${ENVIRONMENT:-production}
+    depends_on:
+      temporal:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+      llm-service:
+        condition: service_healthy
+      agent-core:
+        condition: service_started
+    healthcheck:
+      test: [CMD-SHELL, 'wget -qO- http://localhost:8081/health > /dev/null || exit 1']
+      interval: 15s
+      timeout: 5s
+      retries: 10
+      start_period: 60s
+    deploy:
+      resources:
+        limits:
+          cpus: ${ORCHESTRATOR_CPU_LIMIT:-2.0}
+          memory: ${ORCHESTRATOR_MEMORY_LIMIT:-2G}
+        reservations:
+          cpus: ${ORCHESTRATOR_CPU_RESERVATION:-0.5}
+          memory: ${ORCHESTRATOR_MEMORY_RESERVATION:-512M}
+
+  gateway:
+    <<: [*defaults, *shannon-config]
+    image: ${GLOBAL_REGISTRY:-}waylandzhang/gateway:${SHANNON_VERSION:-v0.3.1}
+    environment:
+      TZ: ${TZ:-UTC}
+      PORT: ${GATEWAY_PORT:-8080}
+      ORCHESTRATOR_GRPC: ${ORCHESTRATOR_GRPC:-orchestrator:50052}
+      ADMIN_SERVER: ${ADMIN_SERVER:-http://orchestrator:8081}
+      # Database and cache
+      POSTGRES_HOST: postgres
+      POSTGRES_PORT: ${POSTGRES_PORT:-5432}
+      POSTGRES_USER: ${POSTGRES_USER:-shannon}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-shannon}
+      POSTGRES_DB: ${POSTGRES_DB:-shannon}
+      POSTGRES_SSLMODE: ${POSTGRES_SSLMODE:-disable}
+      REDIS_URL: ${REDIS_URL:-redis://redis:6379}
+      # Security
+      JWT_SECRET: ${JWT_SECRET:-development-only-secret-change-in-production}
+      # Set GATEWAY_SKIP_AUTH=0 to enable authentication in production
+      GATEWAY_SKIP_AUTH: ${GATEWAY_SKIP_AUTH:-1}
+    ports:
+      - '${GATEWAY_PORT_OVERRIDE:-8080}:8080'
+    depends_on:
+      orchestrator:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    healthcheck:
+      test: [CMD-SHELL, 'wget -qO- http://localhost:8080/health > /dev/null || exit 1']
+      interval: 15s
+      timeout: 5s
+      retries: 10
+      start_period: 30s
+    deploy:
+      resources:
+        limits:
+          cpus: ${GATEWAY_CPU_LIMIT:-1.0}
+          memory: ${GATEWAY_MEMORY_LIMIT:-512M}
+        reservations:
+          cpus: ${GATEWAY_CPU_RESERVATION:-0.25}
+          memory: ${GATEWAY_MEMORY_RESERVATION:-256M}
+
+volumes:
+  postgres_data:
+  redis_data:
+  qdrant_data:
+  shannon_sessions: