mcpctl/deploy/docker-compose.yml

services:
  postgres:
    image: postgres:16-alpine
    container_name: mcpctl-postgres
    ports:
      - "5432:5432"
    environment:
      POSTGRES_USER: mcpctl
      POSTGRES_PASSWORD: mcpctl_dev
      POSTGRES_DB: mcpctl
    volumes:
      - mcpctl-pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U mcpctl"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - mcpctl

  mcpd:
    build:
      context: ..
      dockerfile: deploy/Dockerfile.mcpd
    container_name: mcpctl-mcpd
    ports:
      - "3100:3100"
    environment:
      DATABASE_URL: postgresql://mcpctl:mcpctl_dev@postgres:5432/mcpctl
      MCPD_PORT: "3100"
      MCPD_HOST: "0.0.0.0"
      MCPD_LOG_LEVEL: info
      MCPD_NODE_RUNNER_IMAGE: mcpctl-node-runner:latest
      MCPD_MCP_NETWORK: mcp-servers
    depends_on:
      postgres:
        condition: service_healthy
    volumes:
      # Mount container runtime socket (Docker or Podman)
      # For Docker: /var/run/docker.sock
      # For Podman: /run/user/<UID>/podman/podman.sock
      - ${CONTAINER_SOCK:-/var/run/docker.sock}:/var/run/docker.sock
    networks:
      - mcpctl
      - mcp-servers
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider http://localhost:3100/healthz || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  # Base image for npm-based MCP servers (built once, used by mcpd)
  node-runner:
    build:
      context: ..
      dockerfile: deploy/Dockerfile.node-runner
    image: mcpctl-node-runner:latest
    profiles:
      - build
    entrypoint: ["echo", "Image built successfully"]

  postgres-test:
    image: postgres:16-alpine
    container_name: mcpctl-postgres-test
    ports:
      - "5433:5432"
    environment:
      POSTGRES_USER: mcpctl
      POSTGRES_PASSWORD: mcpctl_test
      POSTGRES_DB: mcpctl_test
    tmpfs:
      - /var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U mcpctl"]
      interval: 5s
      timeout: 5s
      retries: 5
    profiles:
      - test

networks:
  mcpctl:
    driver: bridge
  mcp-servers:
    name: mcp-servers
    driver: bridge
    # Not internal — MCP servers need outbound access to reach external APIs
    # (e.g., Grafana, Home Assistant). Isolation is enforced by not binding
    # host ports on MCP server containers; only mcpd can reach them.

volumes:
  mcpctl-pgdata: