OAuth cannot be done interactively in the headless container, so the login
must be seeded into the mounted ~/.gemini. Three problems are fixed:
- Mount fragility on the Windows Docker Desktop target: the creds mount
defaulted to ${HOME}/.config/javis/gemini, but ${HOME} is often unset when
compose runs outside a WSL shell, silently mounting the wrong dir. Default is
now the project-local ./docker/gemini-oauth (cross-platform), GEMINI_OAUTH_DIR
still overrides.
- No visibility: when oauth is selected but no login is seeded, the path
silently degraded to DDG/Brave. Added gemini_oauth_ready() + a one-time debug
hint and a startup entrypoint warning (skipped on the browser role, fail-open).
- Seeding guidance: oauth_creds.json is the essential credential (refresh token;
GOOGLE_GENAI_USE_GCA=true forces OAuth), which is what the readiness check and
warning verify; docs recommend copying the whole ~/.gemini for convenience.
Adds docker/gemini-oauth/ seed dir (.gitkeep) with the login files gitignored,
GEMINI_OAUTH_DIR in .env.example, and updates DEPLOY.md, stream_browser_modes.md
and llm_contexts.md. Covered by 3 new tests (10 passed total).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
3.3 KiB
Deployment layouts
One image, three roles (JARVIS_ROLE), selected in .env. GPU is added per OS
via a compose override picked with COMPOSE_FILE.
A. All-in-one (single machine)
Everything (desktop + Chrome + bridge + bot + TTS) in one container.
# .env
JARVIS_ROLE=full
COMPOSE_FILE=docker-compose.yml:docker-compose.gpu-linux.yml # Ubuntu
# COMPOSE_FILE=docker-compose.yml:docker-compose.gpu-windows.yml # Windows 11
DISCORD_SELFBOT_TOKEN=...
DISCORD_GUILD_ID=...
docker compose up -d # Ollama + javis (COMPOSE_FILE adds GPU)
B. Split: browser host (LAN) + bot on your PC
The on-screen Chrome, real mouse/keyboard (xdotool) and screen live on the browser host. Your PC runs the bot and drives that browser over the internal network — no auth (internal only).
Browser host (the LAN machine that shows Chrome, e.g. 192.168.10.9)
# .env
JARVIS_ROLE=browser
CDP_BIND=0.0.0.0
BROWSER_CONTROL_BIND=0.0.0.0
CDP_PUBLISH_BIND=0.0.0.0
# no GPU needed → leave COMPOSE_FILE unset (base compose only)
docker compose up -d javis # desktop + Chrome + control-server (port 8777)
Watch it on this machine’s VNC (localhost:5901) / noVNC (localhost:6080).
Bot host (your PC — Ubuntu or Windows 11)
# .env
JARVIS_ROLE=bot
BROWSER_CONTROL_URL=http://192.168.10.9:8777 # the browser host's LAN IP
COMPOSE_FILE=docker-compose.yml:docker-compose.gpu-linux.yml # Ubuntu
# COMPOSE_FILE=docker-compose.yml:docker-compose.gpu-windows.yml # Windows 11
DISCORD_SELFBOT_TOKEN=...
DISCORD_GUILD_ID=...
docker compose up -d # bot + bridge + TTS + Ollama (GPU per OS)
The bot’s controlBrowser tool posts commands to BROWSER_CONTROL_URL, so
"네이버에서 X 검색", "구글로 돌아가" etc. drive the browser host’s Chrome with real
human-style input (visible on its VNC).
Windows 11 notes
- Install the NVIDIA driver on Windows and enable GPU in Docker Desktop
(Settings → Resources → WSL Integration). Use the
gpu-windows.ymloverride. - Paths: named volumes are cross-platform. The Gemini OAuth login (for
GEMINI_AUTH=oauth) is bind-mounted from the project-local./docker/gemini-oauthinto the container's~/.gemini. A project-relative path is used so it resolves the same on Windows Docker Desktop and Linux (${HOME}is often unset when compose runs from PowerShell/cmd). Seed it once from a machine with a browser and the logged-in Gemini CLI (npm i -g @google/gemini-cli, thengemini-> "Sign in with Google"), copying the login state:cp -r ~/.gemini/. docker/gemini-oauth/. The essential file isoauth_creds.json(it holds the refresh token;GOOGLE_GENAI_USE_GCA=trueforces OAuth, so that is the file the startup readiness check looks for) - copying the whole dir simply also carries the cached account/settings. To reuse an existing host login without copying, setGEMINI_OAUTH_DIR=~/.geminiin.env. If unseeded, real-time search fail-opens to DDG/Brave and the container logs a🔑warning on startup.
Known limitation
Discord Go-Live broadcast of the browser host's screen from a remote bot is not supported (the bot's WebRTC screen capture is local to the bot machine). Use the browser host's VNC to view it. A full remote-broadcast path is separate, larger work.