Dockerfile

# syntax=docker/dockerfile:1.7
FROM python:3.13-slim

ENV DEBIAN_FRONTEND=noninteractive \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    HOME=/data \
    MEMPALACE_PALACE_PATH=/data/palace

# libgomp1: required at runtime by onnxruntime (used by chromadb's default
# embedding function — all-MiniLM-L6-v2 ONNX).
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates libgomp1 \
 && rm -rf /var/lib/apt/lists/*

# Unraid convention: appdata is owned by nobody:users (99:100). Run as that
# UID/GID so files written to /data inherit the right ownership on the host.
RUN groupadd -g 100 users \
 && useradd  -u 99 -g 100 -m -d /data -s /usr/sbin/nologin mempalace

WORKDIR /build
COPY pyproject.toml README.md ./
COPY mempalace ./mempalace
RUN pip install --no-cache-dir . mcp-proxy \
 && rm -rf /build

WORKDIR /data
RUN chown -R 99:100 /data
USER 99:100

# 8765 — MCP over SSE (mcp-proxy)
# 8766 — HTTP ingest (in-process thread, started when MEMPALACE_INGEST_PORT set)
EXPOSE 8765 8766

HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
  CMD python -c "import socket,sys;s=socket.socket();s.settimeout(2);sys.exit(0 if s.connect_ex(('127.0.0.1',8765))==0 else 1)"

# mcp-proxy wraps the stdio MCP server and exposes it as SSE on :8765.
# --pass-environment forwards MEMPALACE_* vars to the spawned child.
CMD ["mcp-proxy","--sse-host","0.0.0.0","--sse-port","8765","--pass-environment","--","mempalace-mcp"]
cleanup and remote only 2026-05-09 10:52:25 -05:00			`# syntax=docker/dockerfile:1.7`
			`FROM python:3.13-slim`

			`ENV DEBIAN_FRONTEND=noninteractive \`
			`PYTHONUNBUFFERED=1 \`
			`PYTHONDONTWRITEBYTECODE=1 \`
			`PIP_NO_CACHE_DIR=1 \`
			`HOME=/data \`
			`MEMPALACE_PALACE_PATH=/data/palace`

			`# libgomp1: required at runtime by onnxruntime (used by chromadb's default`
			`# embedding function — all-MiniLM-L6-v2 ONNX).`
			`RUN apt-get update \`
			`&& apt-get install -y --no-install-recommends ca-certificates libgomp1 \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Unraid convention: appdata is owned by nobody:users (99:100). Run as that`
			`# UID/GID so files written to /data inherit the right ownership on the host.`
			`RUN groupadd -g 100 users \`
			`&& useradd -u 99 -g 100 -m -d /data -s /usr/sbin/nologin mempalace`

			`WORKDIR /build`
			`COPY pyproject.toml README.md ./`
			`COPY mempalace ./mempalace`
			`RUN pip install --no-cache-dir . mcp-proxy \`
			`&& rm -rf /build`

			`WORKDIR /data`
			`RUN chown -R 99:100 /data`
			`USER 99:100`

			`# 8765 — MCP over SSE (mcp-proxy)`
			`# 8766 — HTTP ingest (in-process thread, started when MEMPALACE_INGEST_PORT set)`
			`EXPOSE 8765 8766`

			`HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \`
			`CMD python -c "import socket,sys;s=socket.socket();s.settimeout(2);sys.exit(0 if s.connect_ex(('127.0.0.1',8765))==0 else 1)"`

			`# mcp-proxy wraps the stdio MCP server and exposes it as SSE on :8765.`
			`# --pass-environment forwards MEMPALACE_* vars to the spawned child.`
			`CMD ["mcp-proxy","--sse-host","0.0.0.0","--sse-port","8765","--pass-environment","--","mempalace-mcp"]`