docker-compose-test.yml

services:
  # === Core Infrastructure ===
  
  # Shared PostgreSQL database (used by both application and Langfuse)
  rag_search_db:
    image: postgres:14.1
    container_name: rag_search_db
    restart: always
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: dbadmin
      POSTGRES_DB: rag-search
    volumes:
      - test_rag_search_db:/var/lib/postgresql/data
    ports:
      - "5436:5432"
    networks:
      - test-network
  
  # Ruuter Private - API gateway for private endpoint
  ruuter-private:
    container_name: ruuter-private
    image: ghcr.io/buerokratt/ruuter:v2.2.8
    environment:
      - application.cors.allowedOrigins=http://localhost:8088,http://localhost:3001,http://localhost:3003,http://localhost:3004,http://localhost:8080,http://localhost:8000,http://localhost:8090
      - application.httpCodesAllowList=200,201,202,204,400,401,403,500
      - application.internalRequests.allowedIPs=127.0.0.1
      - application.logging.displayRequestContent=true
      - application.logging.displayResponseContent=true
      - application.logging.printStackTrace=true
      - application.internalRequests.disabled=true
      - server.port=8088
    volumes:
      - ./DSL/Ruuter.private:/DSL
      - ./constants.ini:/app/constants.ini
    ports:
      - 8088:8088
    networks:
      - test-network

  # Ruuter Public - API gateway for public endpoints
  ruuter-public:
    container_name: ruuter-public
    image: ghcr.io/buerokratt/ruuter:v2.2.8
    environment:
      - application.cors.allowedOrigins=http://localhost:8086,http://localhost:3001,http://localhost:3003,http://localhost:3004,http://localhost:8080,http://localhost:8000,http://localhost:8090
      - application.httpCodesAllowList=200,201,202,204,400,401,403,500
      - application.internalRequests.allowedIPs=127.0.0.1
      - application.logging.displayRequestContent=true
      - application.logging.displayResponseContent=true
      - application.logging.printStackTrace=true
      - application.internalRequests.disabled=true
      - server.port=8086
    volumes:
      - ./DSL/Ruuter.public:/DSL
      - ./constants.ini:/app/constants.ini
    ports:
      - 8086:8086
    networks:
      - test-network

  # Cron-Manager - Scheduled job execution for vector indexing
  cron-manager:
    container_name: cron-manager
    image: ghcr.io/buerokratt/cronmanager:python-1.2.0
    user: "root"
    volumes:
      - ./DSL/CronManager/DSL:/DSL
      - ./DSL/CronManager/script:/app/scripts
      - ./src/vector_indexer:/app/src/vector_indexer
      - ./datasets:/app/datasets
      - ./grafana-configs/loki_logger.py:/app/src/vector_indexer/loki_logger.py
      - ./test-vault/agent-out:/agent/out:ro
    environment:
      - server.port=9010
      - PYTHONPATH=/app:/app/src:/app/src/vector_indexer
      - VAULT_ADDR=http://vault:8200
      - VAULT_TOKEN_FILE=/agent/out/token
    ports:
      - 9010:8080
    depends_on:
      - vault-agent-llm
      - vault
    networks:
      - test-network

  # Resql - SQL-based microservice for RAG operations
  resql:
    container_name: resql
    image: ghcr.io/buerokratt/resql:v1.3.6
    depends_on:
      rag_search_db:
        condition: service_started
    environment:
      - sqlms.datasources.[0].name=byk
      - sqlms.datasources.[0].jdbcUrl=jdbc:postgresql://rag_search_db:5432/rag-search #For LocalDb Use
      # sqlms.datasources.[0].jdbcUrl=jdbc:postgresql://171.22.247.13:5435/byk?sslmode=require
      - sqlms.datasources.[0].username=postgres
      - sqlms.datasources.[0].password=dbadmin
      - logging.level.org.springframework.boot=INFO
    ports:
      - 8082:8082
    volumes:
      - ./DSL/Resql:/DSL
      - ./shared:/shared
      - ./DSL/DatasetGenerator/output_datasets:/app/output_datasets
    networks:
      - test-network

  # Vector database for RAG
  qdrant:
    image: qdrant/qdrant:v1.15.1
    container_name: qdrant
    restart: always
    ports:
      - "6333:6333"
      - "6334:6334"
    volumes:
      - test_qdrant_data:/qdrant/storage
    networks:
      - test-network

  # === Secret Management ===
  
  # Vault - Secret management (dev mode)
  vault:
    image: hashicorp/vault:1.20.3
    container_name: vault
    cap_add:
      - IPC_LOCK
    ports:
      - "8200:8200"
    environment:
      VAULT_DEV_ROOT_TOKEN_ID: root
      VAULT_ADDR: http://0.0.0.0:8200
      VAULT_API_ADDR: http://0.0.0.0:8200
    command: server -dev -dev-listen-address=0.0.0.0:8200
    networks:
      - test-network

  # Vault Agent - Automatic token management via AppRole
  vault-agent-llm:
    image: hashicorp/vault:1.20.3
    container_name: vault-agent-llm
    depends_on:
      - vault
    volumes:
      - ./test-vault/agents/llm:/agent/in
      - ./test-vault/agent-out:/agent/out
    entrypoint: ["sh", "-c"]
    command:
      - |
        # Wait for Vault to be ready
        sleep 5
        echo "Waiting for AppRole credentials..."
        while [ ! -f /agent/in/role_id ] || [ ! -s /agent/in/role_id ]; do
          sleep 1
        done
        while [ ! -f /agent/in/secret_id ] || [ ! -s /agent/in/secret_id ]; do
          sleep 1
        done
        echo "Credentials found, starting Vault Agent..."
        exec vault agent -config=/agent/in/agent.hcl -log-level=debug
    networks:
      - test-network

  # === Langfuse Observability Stack ===
  
  # Redis - Queue and cache for Langfuse
  redis:
    image: redis:7
    container_name: redis
    restart: always
    command: --requirepass myredissecret
    ports:
      - "127.0.0.1:6379:6379"
    networks:
      - test-network

  # MinIO - S3-compatible storage for Langfuse
  minio:
    image: minio/minio:latest
    container_name: minio
    restart: always
    entrypoint: sh
    command: -c "mkdir -p /data/langfuse && minio server /data --address ':9000' --console-address ':9001'"
    environment:
      MINIO_ROOT_USER: minio
      MINIO_ROOT_PASSWORD: miniosecret
    ports:
      - "9000:9000"
      - "127.0.0.1:9091:9001"
    volumes:
      - test_minio_data:/data
    networks:
      - test-network

  # ClickHouse - Analytics database for Langfuse (REQUIRED in v3)
  clickhouse:
    image: clickhouse/clickhouse-server:24.3
    container_name: clickhouse
    restart: always
    environment:
      CLICKHOUSE_DB: default
      CLICKHOUSE_USER: default
      CLICKHOUSE_PASSWORD: clickhouse
    volumes:
      - test_clickhouse_data:/var/lib/clickhouse
    ports:
      - "127.0.0.1:8123:8123"
      - "127.0.0.1:9002:9000"
    networks:
      - test-network
    ulimits:
      nofile:
        soft: 262144
        hard: 262144

  # Langfuse Worker - Background job processor
  langfuse-worker:
    image: langfuse/langfuse-worker:3
    container_name: langfuse-worker
    restart: always
    depends_on:
      - rag_search_db
      - minio
      - redis
      - clickhouse
    ports:
      - "127.0.0.1:3030:3030"
    environment:
      # Database
      DATABASE_URL: postgresql://postgres:dbadmin@rag_search_db:5432/rag-search
      
      # Auth & Security (TEST VALUES ONLY - NOT FOR PRODUCTION)
      # gitleaks:allow - These are test-only hex strings
      NEXTAUTH_URL: http://localhost:3000
      SALT: ${SALT}
      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
      
      # Features
      TELEMETRY_ENABLED: "false"
      LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES: "false"
      
      # ClickHouse (REQUIRED for Langfuse v3)
      CLICKHOUSE_MIGRATION_URL: clickhouse://clickhouse:9000/default
      CLICKHOUSE_URL: http://clickhouse:8123
      CLICKHOUSE_USER: default
      CLICKHOUSE_PASSWORD: clickhouse
      CLICKHOUSE_CLUSTER_ENABLED: "false"
      
      # S3/MinIO Event Upload
      LANGFUSE_S3_EVENT_UPLOAD_BUCKET: langfuse
      LANGFUSE_S3_EVENT_UPLOAD_REGION: us-east-1
      LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID: minio
      LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY: miniosecret
      LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT: http://minio:9000
      LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE: "true"
      
      # S3/MinIO Media Upload
      LANGFUSE_S3_MEDIA_UPLOAD_BUCKET: langfuse
      LANGFUSE_S3_MEDIA_UPLOAD_REGION: us-east-1
      LANGFUSE_S3_MEDIA_UPLOAD_ACCESS_KEY_ID: minio
      LANGFUSE_S3_MEDIA_UPLOAD_SECRET_ACCESS_KEY: miniosecret
      LANGFUSE_S3_MEDIA_UPLOAD_ENDPOINT: http://minio:9000
      LANGFUSE_S3_MEDIA_UPLOAD_FORCE_PATH_STYLE: "true"
      
      # Redis
      REDIS_HOST: redis
      REDIS_PORT: "6379"
      REDIS_AUTH: myredissecret
    networks:
      - test-network

  # Langfuse Web - UI and API
  langfuse-web:
    image: langfuse/langfuse:3
    container_name: langfuse-web
    restart: always
    depends_on:
      - langfuse-worker
      - rag_search_db
      - clickhouse
    ports:
      - "3000:3000"
    environment:
      # Database
      DATABASE_URL: postgresql://postgres:dbadmin@rag_search_db:5432/rag-search
      
      # Auth & Security (TEST VALUES ONLY - NOT FOR PRODUCTION)
      # gitleaks:allow - These are test-only hex strings
      NEXTAUTH_URL: http://localhost:3000
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
      SALT: ${SALT}
      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
      
      # Features
      TELEMETRY_ENABLED: "false"
      LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES: "false"
      
      # ClickHouse (REQUIRED for Langfuse v3)
      CLICKHOUSE_MIGRATION_URL: clickhouse://clickhouse:9000/default
      CLICKHOUSE_URL: http://clickhouse:8123
      CLICKHOUSE_USER: default
      CLICKHOUSE_PASSWORD: clickhouse
      CLICKHOUSE_CLUSTER_ENABLED: "false"
      
      # S3/MinIO Event Upload
      LANGFUSE_S3_EVENT_UPLOAD_BUCKET: langfuse
      LANGFUSE_S3_EVENT_UPLOAD_REGION: us-east-1
      LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID: minio
      LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY: miniosecret
      LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT: http://minio:9000
      LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE: "true"
      
      # S3/MinIO Media Upload
      LANGFUSE_S3_MEDIA_UPLOAD_BUCKET: langfuse
      LANGFUSE_S3_MEDIA_UPLOAD_REGION: us-east-1
      LANGFUSE_S3_MEDIA_UPLOAD_ACCESS_KEY_ID: minio
      LANGFUSE_S3_MEDIA_UPLOAD_SECRET_ACCESS_KEY: miniosecret
      LANGFUSE_S3_MEDIA_UPLOAD_ENDPOINT: http://minio:9000
      LANGFUSE_S3_MEDIA_UPLOAD_FORCE_PATH_STYLE: "true"
      
      # Redis
      REDIS_HOST: redis
      REDIS_PORT: "6379"
      REDIS_AUTH: myredissecret
      
      # Initialize test project with known credentials
      LANGFUSE_INIT_PROJECT_PUBLIC_KEY: pk-lf-test
      LANGFUSE_INIT_PROJECT_SECRET_KEY: sk-lf-test
    networks:
      - test-network

  # === LLM Orchestration Service ===
  
  llm-orchestration-service:
    build:
      context: .
      dockerfile: Dockerfile.llm_orchestration_service
    container_name: llm-orchestration-service
    restart: always
    ports:
      - "8100:8100"
    environment:
      # Infrastructure connections
      - VAULT_ADDR=http://vault:8200
      - VAULT_TOKEN_FILE=/agent/out/token
      - QDRANT_URL=http://qdrant:6333
      - EVAL_MODE=true
      # Disable OpenTelemetry tracing in test environment
      - OTEL_SDK_DISABLED=true
    volumes:
      - ./src/llm_config_module/config:/app/src/llm_config_module/config:ro
      - ./test-vault/agent-out:/agent/out:ro
      - test_llm_orchestration_logs:/app/logs
    depends_on:
      - qdrant
      - langfuse-web
      - vault-agent-llm
    networks:
      - test-network

# === Networks ===

networks:
  test-network:
    name: test-network
    driver: bridge

# === Volumes ===

volumes:
  test_rag_search_db:
    name: test_rag_search_db
  test_qdrant_data:
    name: test_qdrant_data
  test_minio_data:
    name: test_minio_data
  test_clickhouse_data:
    name: test_clickhouse_data
  test_llm_orchestration_logs:
    name: test_llm_orchestration_logs