fix: Add CREDENTIALS_PATH and REGISTRATION_TOKEN for persistent auth

- Add REGISTRATION_TOKEN env var (replaces legacy AGENT_TOKEN for new registrations) - Add CREDENTIALS_PATH=/home/agent/.letsbe-agent/credentials.json to fix path mismatch (agent runs as root, ~ expands to /root, but volume is mounted at /home/agent/.letsbe-agent) - Reduce CIRCUIT_BREAKER_COOLDOWN from 300s to 30s for faster recovery - Update comments to clarify credential persistence behavior This fixes the issue where agents would fail to reconnect after container restarts because credentials were being saved to /root/.letsbe-agent/ instead of the persisted volume at /home/agent/.letsbe-agent/ 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-09 16:01:04 +01:00 · 2025-12-09 16:01:04 +01:00 · 6a94faa0e0
parent 88ec5416fe
commit 6a94faa0e0
1 changed files with 14 additions and 6 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -10,11 +10,19 @@ services:
    environment:
      # Required: Orchestrator connection
      - ORCHESTRATOR_URL=${ORCHESTRATOR_URL:-http://host.docker.internal:8000}
-      - AGENT_TOKEN=${AGENT_TOKEN:-dev-token}

-      # Tenant assignment
-      # Required in production. Set to the tenant UUID this agent belongs to.
-      # Example: TENANT_ID=550e8400-e29b-41d4-a716-446655440000
+      # Registration token for first-time registration (multi-use tokens recommended)
+      # After registration, credentials are persisted and token is no longer needed
+      - REGISTRATION_TOKEN=${REGISTRATION_TOKEN:-}
+
+      # Credentials path - must match the volume mount for persistence across restarts
+      # Agent runs as root, so ~ expands to /root, but volume is at /home/agent/.letsbe-agent
+      - CREDENTIALS_PATH=/home/agent/.letsbe-agent/credentials.json
+
+      # Legacy auth (deprecated - use REGISTRATION_TOKEN instead)
+      - AGENT_TOKEN=${AGENT_TOKEN:-}
+
+      # Tenant assignment (set automatically after registration via token)
      - TENANT_ID=${TENANT_ID:-}

      # Timing (seconds)
@ -30,7 +38,7 @@ services:
      - BACKOFF_BASE=${BACKOFF_BASE:-1.0}
      - BACKOFF_MAX=${BACKOFF_MAX:-60.0}
      - CIRCUIT_BREAKER_THRESHOLD=${CIRCUIT_BREAKER_THRESHOLD:-5}
-      - CIRCUIT_BREAKER_COOLDOWN=${CIRCUIT_BREAKER_COOLDOWN:-300}
+      - CIRCUIT_BREAKER_COOLDOWN=${CIRCUIT_BREAKER_COOLDOWN:-30}

      # Security
      - ALLOWED_FILE_ROOT=${ALLOWED_FILE_ROOT:-/opt/letsbe}
@ -56,7 +64,7 @@ services:
      - /opt/letsbe/stacks:/opt/letsbe/stacks
      - /opt/letsbe/nginx:/opt/letsbe/nginx

-      # Pending results persistence
+      # Credentials and pending results persistence
      - agent_home:/home/agent/.letsbe-agent

      # Playwright artifacts storage