Deployment
Run the gateway in production with Docker.
Docker Compose (recommended)
Create a .env file with your secrets:
.envbash
ANTHROPIC_API_KEY=sk-ant-...
SLACK_SIGNING_SECRET=...
SLACK_BOT_TOKEN=xoxb-...
DISCORD_PUBLIC_KEY=...
DISCORD_BOT_TOKEN=...
TELEGRAM_BOT_TOKEN=...
TELEGRAM_WEBHOOK_SECRET=...Then start the gateway:
bash
cp gateway.json.example gateway.json
# edit gateway.json — leave secret fields empty (read from .env)
cd deploy/docker
docker compose up -dHardened docker run
For manual deployments with full security flags:
bash
docker run \
--rm \
--read-only \
--tmpfs /tmp:rw,noexec,nosuid,size=64m \
--cap-drop ALL \
--security-opt no-new-privileges:true \
--pids-limit 512 \
--memory 1g \
-p 8080:8080 \
-e ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY \
-e GATEWAY_SLACK_BOT_TOKEN=$SLACK_BOT_TOKEN \
-e GATEWAY_SLACK_SIGNING_SECRET=$SLACK_SIGNING_SECRET \
-e GATEWAY_TELEGRAM_BOT_TOKEN=$TELEGRAM_BOT_TOKEN \
-v $(pwd)/gateway.json:/config/gateway.json:ro \
-v gw-workspace:/workspace \
-v gw-data:/data \
ghcr.io/akshaymemane/superclaw-gateway:latestBuild the image locally
bash
docker build -f deploy/docker/Dockerfile -t superclaw-gateway .Reverse proxy (nginx)
Terminate TLS at nginx and proxy webhook traffic to the gateway:
nginx
location /webhook/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 10s;
proxy_send_timeout 10s;
}Health check
bash
curl https://your-domain/health
# {"status":"ok","channels":["slack","discord","telegram"]}Volume mounts
| Mount | Purpose |
|---|---|
| /config/gateway.json | Config file (read-only bind mount) |
| /workspace | Per-task isolated work directories (named volume) |
| /data | Session transcripts and runtime state (named volume) |
| /tmp | Temporary files (tmpfs, cleared on restart) |