anthonyrawlins 2578876eeb feat: Add Docker secrets support for ResetData API key
This commit introduces secure Docker secrets integration for the ResetData
API key, enabling CHORUS to read sensitive configuration from mounted secret
files instead of environment variables.

## Key Changes:

**Security Enhancement:**
- Modified `pkg/config/config.go` to support reading ResetData API key from
  Docker secret files using `getEnvOrFileContent()` pattern
- Enables secure deployment with `RESETDATA_API_KEY_FILE` pointing to
  mounted secret file instead of plain text environment variables

**Container Deployment:**
- Added `Dockerfile.simple` for optimized Alpine-based deployment using
  pre-built static binaries (chorus-agent)
- Updated `docker-compose.yml` with proper secret mounting configuration
- Fixed container binary path to use new `chorus-agent` instead of deprecated
  `chorus` wrapper

**WHOOSH Integration:**
- Critical for WHOOSH wave-based auto-scaling system integration
- Enables secure credential management in Docker Swarm deployments
- Supports dynamic scaling operations while maintaining security standards

## Technical Details:

The ResetData configuration now supports both environment variable fallback
and Docker secrets:
```go
APIKey: getEnvOrFileContent("RESETDATA_API_KEY", "RESETDATA_API_KEY_FILE")
```

This change enables CHORUS to participate in WHOOSH's wave-based scaling
architecture while maintaining production-grade security for API credentials.

## Testing:

- Verified successful deployment in Docker Swarm environment
- Confirmed CHORUS agent initialization with secret-based configuration
- Validated integration with BACKBEAT and P2P networking components

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-22 15:00:50 +10:00
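The file-or-environment lookup named in the commit message above, as an added Go example that is not the CHORUS implementation of `getEnvOrFileContent`. The helper name `loadSecret`, the precedence (secret file first, variable as fallback), the 4096-byte limit and the fail-closed behaviour on a broken mount are assumptions of this example.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"strings"
)

const maxSecretBytes = 4096 // assumed upper bound for an API key file

// loadSecret is a hypothetical helper, not code from the CHORUS repository.
// If the variable named by fileKey is set, the secret is read from that file
// (for example a Docker secret mounted under /run/secrets). Only when no file
// is configured does it fall back to the plain variable named by envKey.
// A configured but unusable file is an error, so a broken secret mount never
// silently degrades to the plain-text variable.
func loadSecret(envKey, fileKey string) (string, error) {
	path := os.Getenv(fileKey)
	if path == "" {
		return os.Getenv(envKey), nil
	}
	f, err := os.Open(path)
	if err != nil {
		return "", fmt.Errorf("%s: %w", fileKey, err)
	}
	defer f.Close()
	if info, err := f.Stat(); err != nil || !info.Mode().IsRegular() {
		return "", fmt.Errorf("%s: %q is not a regular file", fileKey, path)
	}
	// Read one byte past the limit so oversized files are detected, not truncated.
	raw, err := io.ReadAll(io.LimitReader(f, maxSecretBytes+1))
	if err != nil || len(raw) > maxSecretBytes {
		return "", fmt.Errorf("%s: unreadable or larger than %d bytes", fileKey, maxSecretBytes)
	}
	// Secret files usually end with a newline that must not reach the API header.
	secret := strings.TrimSpace(string(raw))
	if secret == "" {
		return "", fmt.Errorf("%s: secret file is empty", fileKey)
	}
	return secret, nil
}

func main() {
	key, err := loadSecret("RESETDATA_API_KEY", "RESETDATA_API_KEY_FILE")
	if err != nil {
		fmt.Fprintln(os.Stderr, "config error:", err)
		os.Exit(1)
	}
	fmt.Println("ResetData API key loaded, length:", len(key)) // log the length, never the key
}
```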

CHORUS Container-First Context Platform (Alpha)

CHORUS is the runtime that ties the CHORUS ecosystem together: libp2p mesh, DHT-backed storage, council/task coordination, and (eventually) SLURP contextual intelligence. The repository you are looking at is the in-progress container-first refactor. Several core systems boot today, but higher-level services (SLURP, SHHH, full HMMM routing) are still landing.

Current Status

| Area | Status | Notes |
| --- | --- | --- |
| libp2p node + PubSub | Running | `internal/runtime/shared.go` spins up the mesh, hypercore logging, availability broadcasts. |
| DHT + DecisionPublisher | Running | Encrypted storage wired through `pkg/dht`; decisions written via `ucxl.DecisionPublisher`. |
| Election manager | Running | Admin election integrated with Backbeat; metrics exposed under `pkg/metrics`. |
| SLURP (context intelligence) | 🚧 Stubbed | `pkg/slurp/slurp.go` contains TODOs for resolver, temporal graphs, intelligence. Leader integration scaffolding exists but uses placeholder IDs/request forwarding. |
| SHHH (secrets sentinel) | 🚧 Sentinel live | `pkg/shhh` redacts hypercore + PubSub payloads with audit + metrics hooks (policy replay TBD). |
| HMMM routing | 🚧 Partial | PubSub topics join, but capability/role announcements and HMMM router wiring are placeholders (`internal/runtime/agent_support.go`). |

See docs/progress/CHORUS-WHOOSH-development-plan.md for the detailed build plan and docs/progress/CHORUS-WHOOSH-roadmap.md for sequencing.

Quick Start (Alpha)

The container-first workflows are still evolving; expect frequent changes.

```bash
git clone https://gitea.chorus.services/tony/CHORUS.git
cd CHORUS
cp docker/chorus.env.example docker/chorus.env
# adjust env vars (KACHING license, bootstrap peers, etc.)
docker compose -f docker/docker-compose.yml up --build
```

You'll get a single agent container with:

  • libp2p networking (mDNS + configured bootstrap peers)
  • election heartbeat
  • DHT storage (AGE-encrypted)
  • HTTP API + health endpoints

Missing today: SLURP context resolution, advanced SHHH policy replay, HMMM per-issue routing. Expect log warnings/TODOs for those paths.

Roadmap Highlights

  1. Security substrate: land SHHH sentinel, finish SLURP leader-only operations, validate COOEE enrolment (see roadmap Phase 1).
  2. Autonomous teams: coordinate with WHOOSH for deployment telemetry + SLURP context export.
  3. UCXL + KACHING: hook runtime telemetry into KACHING and enforce UCXL validator.

Track progress via the shared roadmap and weekly burndown dashboards.

  • WHOOSH council/team orchestration
  • KACHING telemetry/licensing
  • SLURP contextual intelligence prototypes
  • HMMM meta-discussion layer

Contributing

This repo is still alpha. Please coordinate via the roadmap tickets before landing changes. Major security/runtime decisions should include a Decision Record with a UCXL address so SLURP/BUBBLE can ingest it later.

Description
Container-First P2P Task Coordination System - Next generation distributed AI agent coordination designed for Docker/Kubernetes deployments