-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
103 lines (98 loc) · 3.42 KB
/
Copy pathdocker-compose.yml
File metadata and controls
103 lines (98 loc) · 3.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# =============================================================================
# rust — Coverage-Guided Semantic Fuzzer
# =============================================================================
# Four services: ollama (shared), arcp-runtime, harness-runner (private net
# only — do NOT publish :9100), arcp-client.
# -----------------------------------------------------------------------------
include:
- path: ../shared/docker-compose.ollama.yml
volumes:
runtime-store:
work-corpus:
work-crashes:
services:
arcp-runtime:
build:
context: .
args:
ARCP_SDK_VERSION: ${ARCP_SDK_VERSION:-latest}
BIN: fuzz-runtime
image: arcp-sdk-examples/rust-runtime:dev
container_name: arcp-rust-runtime
depends_on:
ollama:
condition: service_healthy
harness-runner:
condition: service_started
environment:
ROLE: runtime
OLLAMA_URL: ${OLLAMA_URL:-http://ollama:11434}
OLLAMA_MODEL: ${OLLAMA_MODEL:-qwen2.5:1.5b-instruct}
ARCP_RUNTIME_HOST: ${ARCP_RUNTIME_HOST:-0.0.0.0}
ARCP_RUNTIME_PORT: ${ARCP_RUNTIME_PORT:-8080}
ARCP_RUNTIME_PATH: ${ARCP_RUNTIME_PATH:-/arcp}
ARCP_AUTH_TOKEN: ${ARCP_AUTH_TOKEN:-dev-token-change-me}
ARCP_AGENT_NAME: ${ARCP_AGENT_NAME:-fuzz.explore}
FUZZ_TARGET_PATH: ${FUZZ_TARGET_PATH:-/work/target}
FUZZ_SEED_CORPUS: ${FUZZ_SEED_CORPUS:-/work/seed_corpus}
FUZZ_RUN_TIMEOUT_MS: ${FUZZ_RUN_TIMEOUT_MS:-250}
FUZZ_BUDGET_USD: ${FUZZ_BUDGET_USD:-1.00}
FUZZ_BUDGET_EXECS: ${FUZZ_BUDGET_EXECS:-50000}
RUNNER_URL: ${RUNNER_URL:-http://harness-runner:9100/run}
RUNTIME_STORE: ${RUNTIME_STORE:-/data/fuzz.db}
LOG_LEVEL: ${LOG_LEVEL:-info}
volumes:
- runtime-store:/data
- work-corpus:/work/corpus
- work-crashes:/work/crashes
ports:
- "${ARCP_RUNTIME_PORT:-8080}:${ARCP_RUNTIME_PORT:-8080}"
healthcheck:
test: ["CMD-SHELL", "nc -z 127.0.0.1 ${ARCP_RUNTIME_PORT:-8080} || exit 1"]
interval: 5s
timeout: 3s
retries: 30
start_period: 10s
harness-runner:
build:
context: .
args:
BIN: fuzz-runner
image: arcp-sdk-examples/rust-runner:dev
container_name: arcp-rust-runner
# Private network only — DO NOT publish 9100. The runtime reaches us
# via service DNS. (PROMPT §3, §6.)
expose:
- "9100"
environment:
RUNNER_PORT: ${RUNNER_PORT:-9100}
RUNNER_SECCOMP: ${RUNNER_SECCOMP:-strict}
FUZZ_TARGET_PATH: ${FUZZ_TARGET_PATH:-/work/target}
LOG_LEVEL: ${LOG_LEVEL:-info}
volumes:
- work-corpus:/work/corpus
- work-crashes:/work/crashes
arcp-client:
build:
context: .
args:
ARCP_SDK_VERSION: ${ARCP_SDK_VERSION:-latest}
BIN: fuzz-client
image: arcp-sdk-examples/rust-client:dev
container_name: arcp-rust-client
depends_on:
arcp-runtime:
condition: service_healthy
environment:
ROLE: client
ARCP_RUNTIME_URL: ws://arcp-runtime:${ARCP_RUNTIME_PORT:-8080}${ARCP_RUNTIME_PATH:-/arcp}
ARCP_AUTH_TOKEN: ${ARCP_AUTH_TOKEN:-dev-token-change-me}
ARCP_AGENT_NAME: ${ARCP_AGENT_NAME:-fuzz.explore}
LOG_LEVEL: ${LOG_LEVEL:-info}
# Mount crash + corpus volumes read-only so the client can persist
# downloads back to the host via the named volume.
volumes:
- work-corpus:/work/corpus:ro
- work-crashes:/work/crashes:ro
stdin_open: true
tty: true