Spec: §2 (High-level architecture / compose stack), §7.1 (container boundary).
The local stack mirroring Spec §2: Traefik ingress plus one service per concern. Some services may be skeletons (Langfuse from its upstream image; agent-runner a placeholder) — the deliverable is the topology, routing, and that orchestrator-api builds and routes behind Traefik.
Acceptance criteria
Notes
agent-runner network lockdown + egress allowlist + mount boundary are deliberately split into #8.
Dependencies
Depends on: #2
Spec: §2 (High-level architecture / compose stack), §7.1 (container boundary).
The local stack mirroring Spec §2: Traefik ingress plus one service per concern. Some services may be skeletons (Langfuse from its upstream image;
agent-runnera placeholder) — the deliverable is the topology, routing, and thatorchestrator-apibuilds and routes behind Traefik.Acceptance criteria
docker-compose.ymldefines all Spec §2 services:traefik,orchestrator-ui,orchestrator-api,langfuse,langfuse-db,agent-runner,egress-proxy.orchestrator-apirouted behind it.Dockerfilefororchestrator-apibuilds the FastAPI app from FastAPI application skeleton with health endpoint and settings loading #2.orchestrator-uiservice present (placeholder build acceptable until Phase 6).langfuse+langfuse-db(Postgres) wired to upstream requirements (skeleton config).env_file: .env(gitignored);.env.examplelists the names (ties to Secrets-by-reference resolution and .env.example #5).docker compose configvalidates; theorchestrator-apihealth endpoint is reachable through Traefik when the stack is up.Notes
agent-runnernetwork lockdown + egress allowlist + mount boundary are deliberately split into #8.Dependencies
Depends on: #2