docs(design): MS22 DB-centric agent fleet architecture #604

jason.woltje · 2026-03-01T14:17:14Z

jason.woltje commented

2026-03-01 14:17:14 +00:00

Design doc for MS22 Phase 1 rework. Replaces file-based config approach with DB-centric architecture. 2 env vars to bootstrap, onboarding wizard for first-boot, all provider/agent/OIDC config via WebUI settings.

jason.woltje added 1 commit 2026-03-01 14:17:15 +00:00

docs(design): MS22 DB-centric agent fleet architecture 3ceb45c0b2

Minimal env vars (DATABASE_URL + MOSAIC_SECRET_KEY), all config in Postgres,
onboarding wizard, breakglass auth, OIDC via settings UI.

jason.woltje added 1 commit 2026-03-01 14:28:41 +00:00

docs(design): add per-user container model, Docker API lifecycle, full schema 3974e08b6c

- Per-user OpenClaw containers (on-demand, scale to zero)
- Users bring their own API keys/subscriptions
- ContainerLifecycleService manages Docker containers dynamically
- User containers NOT in docker-compose — created at runtime
- 11 task phases with clear dependencies
- Config update strategy: DB change → container restart

jason.woltje added 1 commit 2026-03-01 14:34:48 +00:00

docs(design): add security isolation model — zero cross-user access a640a2f7b8

- Full container, volume, and DB-level isolation per user
- API enforcement: all queries scoped by authenticated userId
- Admins cannot see other users' keys or chat history
- Container-to-container communication blocked by default
- Team workspaces explicitly out of scope

jason.woltje merged commit 4294deda49 into main

2026-03-01 14:35:15 +00:00

jason.woltje referenced this issue from a commit

2026-03-01 14:35:16 +00:00

docs(design): MS22 DB-centric agent fleet architecture (#604)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#604