chore: 加固生产部署配置

- 移除未使用的 Redis 服务
- 移除 PostgreSQL 端口暴露，仅保留 Docker 内部访问
- server 添加 healthcheck，mcp 依赖 server 确保 migration 完成后启动
- .dockerignore 排除 .env 等敏感文件
- .env.example 对齐实际所需字段

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.dockerignore

@@ -2,5 +2,11 @@ node_modules
 .worktrees
 .claude
 .git
+.env
+.env.*
+!.env.example
+dist
+docs
+*.zip
 *.md
 !README.md

.env.example

@@ -1,18 +1,9 @@
-DATABASE_URL=postgresql://agentfox:agentfox@localhost:5432/agentfox
 JWT_SECRET=change-me-to-a-random-secret
 JWT_REFRESH_SECRET=change-me-to-another-random-secret
-GITHUB_CLIENT_ID=
+API_KEY_ENCRYPTION_SECRET=change-me-to-a-64-char-hex-string
-GITHUB_CLIENT_SECRET=
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
-MCP_BASE_URL=http://localhost:3001
+GITHUB_CLIENT_ID=
-SERVER_PORT=3000
+GITHUB_CLIENT_SECRET=
-MCP_PORT=3001
+OAUTH_CALLBACK_BASE_URL=https://your-domain.com
-WEB_PORT=5173
+FRONTEND_URL=https://your-domain.com
-REDIS_URL=redis://localhost:6379
-APPLE_CLIENT_ID=
-APPLE_TEAM_ID=
-APPLE_KEY_ID=
-APPLE_PRIVATE_KEY=
-OAUTH_CALLBACK_BASE_URL=http://localhost:3000
-FRONTEND_URL=http://localhost:5173

docker-compose.dev.yml

@@ -3,10 +3,6 @@ services:
     ports:
       - "5432:5432"
 
-  redis:
-    ports:
-      - "6379:6379"
-
   server:
     build:
       context: .
@@ -28,7 +24,6 @@ services:
       - ./prisma:/app/prisma
     environment:
       DATABASE_URL: postgresql://agentfox:agentfox@postgres:5432/agentfox
-      REDIS_URL: redis://redis:6379
       JWT_SECRET: dev-secret
       JWT_REFRESH_SECRET: dev-refresh-secret
       SERVER_PORT: "3000"
@@ -53,7 +48,6 @@ services:
       - ./prisma:/app/prisma
     environment:
       DATABASE_URL: postgresql://agentfox:agentfox@postgres:5432/agentfox
-      REDIS_URL: redis://redis:6379
       MCP_PORT: "3001"
       NODE_ENV: development
 

docker-compose.yml

@@ -7,33 +7,18 @@ services:
       POSTGRES_DB: agentfox
     volumes:
       - pgdata:/var/lib/postgresql/data
-    ports:
-      - "5432:5432"
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U agentfox"]
       interval: 5s
       timeout: 5s
       retries: 5
 
-  redis:
-    image: redis:7-alpine
-    ports:
-      - "6379:6379"
-    volumes:
-      - redisdata:/data
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 5s
-      timeout: 5s
-      retries: 5
-
   server:
     build:
       context: .
       dockerfile: packages/server/Dockerfile
     environment:
       DATABASE_URL: postgresql://agentfox:agentfox@postgres:5432/agentfox
-      REDIS_URL: redis://redis:6379
       JWT_SECRET: ${JWT_SECRET:-change-me-in-production}
       JWT_REFRESH_SECRET: ${JWT_REFRESH_SECRET:-change-me-refresh-in-production}
       API_KEY_ENCRYPTION_SECRET: ${API_KEY_ENCRYPTION_SECRET:-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef}
@@ -49,8 +34,12 @@ services:
     depends_on:
       postgres:
         condition: service_healthy
-      redis:
+    healthcheck:
-        condition: service_healthy
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
 
   mcp:
     build:
@@ -58,14 +47,11 @@ services:
       dockerfile: packages/mcp/Dockerfile
     environment:
       DATABASE_URL: postgresql://agentfox:agentfox@postgres:5432/agentfox
-      REDIS_URL: redis://redis:6379
       MCP_PORT: "3001"
     ports:
       - "3001:3001"
     depends_on:
-      postgres:
+      server:
-        condition: service_healthy
-      redis:
         condition: service_healthy
 
   web:
@@ -80,4 +66,3 @@ services:
 
 volumes:
   pgdata:
-  redisdata: