Kayos 4e668a79e1 v0.1 step 1: Dockerfile + per-language toolchain smoke

Monolith image with every toolchain in the spec:
- Python 3.12 + uv/ruff/mypy/pytest/pip-audit/semgrep
- Node 22 LTS + bun
- Go 1.22 + govulncheck/staticcheck
- Rust stable + cargo-audit/cargo-deny
- Ruby 3.x + bundler-audit
- PHP 8.x + composer/phpstan
- JDK 17 + 21 + Maven + Gradle
- .NET 8 SDK
- Swift 5.9.2
- Kotlin 1.9.25
- clang + cmake + valgrind + ASan/UBSan/TSan
- bash + shellcheck

smoke.sh proves each toolchain compiles + runs a hello-world.
compose.yml uses the existing 'sulkta' bridge network.

No API yet (steps 2-3); no MCP yet (step 7); no runner yet (step 4).
This is the foundation.

NOTE: docker build + smoke verification not yet run — sandbox doesn't
have docker. Needs `docker compose build && docker compose up` on Lucy
or any real Docker host before we trust the Dockerfile.

Spec: memory/spec-crafting-table.md

2026-04-29 07:29:53 -07:00

3.8 KiB

Raw Blame History

crafting-table

Polyglot dev/build/audit container — the build farm for the Sulkta ecosystem.

What this is

A single Docker container with every toolchain we work with, used as a reliable place to compile / test / audit any Sulkta repo regardless of where the caller is — agents, Claude sessions, ad-hoc curl, scheduled cron.

Eventual surface (v0.1 full): HTTP API + MCP server + project registry + job runner + structured findings + email digest + autonomous patch loop through clawdforge.

Spec: Sulkta-Coop/openclaw-workspace/memory/spec-crafting-table.md (LAN-only).

Status — v0.1 step 1 of 10

Step 1: Dockerfile + per-language smoke
Step 2: SQLite ledger + project registry
Step 3: HTTP API skeleton (FastAPI, port 8810)
Step 4: Job runner core (asyncio worker pool)
Step 5: Per-language parsers (Rust / Python / Go / TS first)
Step 6: Findings extraction + storage
Step 7: MCP server (stdio JSON-RPC, 8 tools)
Step 8: Email digest scheduler
Step 9: Autonomous patch loop (clawdforge integration)
Step 10: Production recipes — clawdforge, cauldron, tradecraft

Toolchains in v0.1

Lang	Versions / extras
Python	3.11 (Debian default) + uv, pipx, pip-audit, ruff, mypy, pytest, semgrep
Node	22.11.0 LTS + npm, pnpm, tsx, eslint, typescript
Bun	latest (rolling)
Go	1.22.10 + govulncheck, staticcheck
Rust	stable (rustup) + clippy, rustfmt, cargo-audit, cargo-deny
Ruby	3.1 (Debian default) + bundler, bundler-audit, rubocop
PHP	8.2 (Debian default) + composer, phpstan, phpunit
JDK	17 (default) + 21 (Temurin, alongside via `JAVA_HOME_21`)
Maven	3.x (Debian)
Gradle	8.10
.NET	8.0 SDK
Swift	5.9.2 (Ubuntu 22.04 tarball — works on Debian bookworm)
Kotlin	1.9.25 (compiler)
C/C++	clang + lld + cmake + ninja + valgrind
Bash	bash + shellcheck + bats + shfmt
Generic	git, jq, yq, ripgrep, fd, gh-cli, curl, wget

Build + smoke

docker network inspect sulkta >/dev/null 2>&1 || docker network create sulkta
docker compose build
docker compose up
# expect: "=== ALL TOOLCHAINS GREEN ===" then exit 0

The smoke compiles + runs a hello-world in every language. If it exits 0, the image is good.

Image notes

Base: debian:bookworm-slim. Swift uses the upstream Ubuntu 22.04 tarball which links against bookworm's libicu/libstdc++ baseline.
Runs as non-root user crafter (uid 1000) with passwordless sudo.
Volume mount points: /workspace, /caches/{cargo,maven,gradle,npm,pip,bun}, /data. Compose binds these to named volumes so they survive compose down.
Network: external sulkta bridge (same one clawdforge + cauldron use). Create with docker network create sulkta if missing.
Image size baseline is large (8-15 GB expected). Per spec: that's fine.

Layout

.
├── Dockerfile        # monolith image with all toolchains
├── compose.yml       # build + run-smoke wiring
├── smoke.sh          # per-language hello-world test, baked in at /usr/local/bin/smoke.sh
├── README.md
├── LICENSE           # MIT
└── .gitignore

License

MIT

3.8 KiB Raw Blame History