Skip to main content
Risoluto always launches agent workers in Docker containers. The orchestrator itself can run either directly on the host or inside its own container.

Project Structure

The repo ships three Dockerfiles:

Deployment Modes

The simplest way to get started — no environment variables needed:
docker compose up --build
Open http://localhost:4000 and the setup wizard guides you through all credentials.

Named Volumes

VolumePurpose
risoluto-archivesEncrypted secrets, config overlay, auth tokens, run archives
risoluto-workspacesCloned repositories for each issue
codex-authOpenAI Codex login tokens

Container Behavior

Inside Docker, paths resolve differently:
SettingContainer ValuePurpose
DATA_DIR/dataArchive root becomes /data/archives
workspace.root/data/workspacesCloned repos live here inside the container
RISOLUTO_BIND0.0.0.0Listen on all interfaces (required inside Docker)
The PathRegistry automatically translates container paths back to host bind-mount sources before launching worker containers.

Docker Networking

Containers cannot reach the host’s 127.0.0.1. Risoluto automatically:
  1. Adds --add-host=host.docker.internal:host-gateway to every worker container
  2. Rewrites 127.0.0.1 to host.docker.internal in the Codex config.toml
If you use a host-side proxy like CLIProxyAPI, run it once on the host. All sandbox containers reach it over the Docker bridge network.

Control / Data Plane Split

For scale-out scenarios (remote workers, hot upgrades, multi-host), enable remote dispatch mode: 
# .env
DISPATCH_MODE=remote
DISPATCH_URL=http://data-plane:9100/dispatch
DISPATCH_SHARED_SECRET=your-secure-secret-here

# Start both services
docker compose --profile full up --build
The data plane is not exposed to the host — it only listens on the private risoluto-internal bridge network.
ScenarioBenefit
Hot upgradesUpgrade control plane without killing active agents
Multi-host workersData plane runs on remote hosts via SSH
Interactive workspacesWebSocket proxy routes to correct data plane
Multi-repo orchestrationMultiple data planes with different checkouts
Remote dispatch is opt-in. The default DISPATCH_MODE=local runs everything in one process.
Attach worker containers to a specific network:
# config overlay
codex:
  sandbox:
    network: my-custom-network
This passes --network=my-custom-network to every docker run invocation.
For defense-in-depth sandbox isolation, enable gVisor:
codex:
  sandbox:
    security:
      gvisor: true
Requires runsc installed on the Docker host. See the Security guide for details.
Restrict outbound network access from worker containers:
codex:
  sandbox:
    egressAllowlist:
      - "api.openai.com"
      - "api.github.com"
      - "registry.npmjs.org"
Only listed domains are reachable from inside the sandbox.

Sandbox Image Tooling

The Dockerfile.sandbox image ships with:
ToolVersionPurpose
Node.js22 (via nodesource)Runtime
Codex CLIlatestAI agent execution
bubblewrapsystemSandbox isolation (--argv0)
gitsystemSource control
jq, ripgrepsystemJSON processing, search
The container runs as your user (--user $(id -u):$(id -g)) to avoid ownership drift on bind-mounted volumes.
Named Docker volumes survive container/image replacement but not docker system prune --volumes. Do not prune volumes prefixed with risoluto-.

What’s Next

Setup Wizard

Walk through first-time credential configuration.

Configuration

Tune agent concurrency, models, timeouts, and sandbox resources.
Last modified on March 31, 2026