Adds Kubernetes sandbox provisioner support (#35)

* Adds Kubernetes sandbox provisioner support

* Improves Docker dev setup by standardizing host paths

Replaces hardcoded host paths with a configurable root directory,
making the development environment more portable and easier to use
across different machines. Automatically sets the root path if not
already defined, reducing manual setup steps.

docker/docker-compose-dev.yaml

@@ -6,11 +6,56 @@
 #   - frontend: Frontend Next.js dev server (port 3000)
 #   - gateway: Backend Gateway API (port 8001)
 #   - langgraph: LangGraph server (port 2024)
+#   - provisioner: Sandbox provisioner (creates Pods in host Kubernetes)
+#
+# Prerequisites:
+#   - Host machine must have a running Kubernetes cluster (Docker Desktop K8s,
+#     minikube, kind, etc.) with kubectl configured (~/.kube/config).
 #
 # Access: http://localhost:2026
 
 services:
-  # Nginx Reverse Proxy
+  # ── Sandbox Provisioner ────────────────────────────────────────────────
+  # Manages per-sandbox Pod + Service lifecycle in the host Kubernetes
+  # cluster via the K8s API.
+  # Backend accesses sandboxes directly via host.docker.internal:{NodePort}.
+  provisioner:
+    build:
+      context: ./provisioner
+      dockerfile: Dockerfile
+    container_name: deer-flow-provisioner
+    volumes:
+      - ~/.kube/config:/root/.kube/config:ro
+    environment:
+      - K8S_NAMESPACE=deer-flow
+      - SANDBOX_IMAGE=enterprise-public-cn-beijing.cr.volces.com/vefaas-public/all-in-one-sandbox:latest
+      # Host paths for K8s HostPath volumes (must be absolute paths accessible by K8s node)
+      # On Docker Desktop/OrbStack, use your actual host paths like /Users/username/...
+      # Set these in your shell before running docker-compose:
+      #   export DEER_FLOW_ROOT=/absolute/path/to/deer-flow
+      - SKILLS_HOST_PATH=${DEER_FLOW_ROOT}/skills
+      - THREADS_HOST_PATH=${DEER_FLOW_ROOT}/backend/.deer-flow/threads
+      - KUBECONFIG_PATH=/root/.kube/config
+      - NODE_HOST=host.docker.internal
+      # Override K8S API server URL since kubeconfig uses 127.0.0.1
+      # which is unreachable from inside the container
+      - K8S_API_SERVER=https://host.docker.internal:26443
+    env_file:
+      - ../.env
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    networks:
+      - deer-flow-dev
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8002/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 6
+      start_period: 15s
+
+  # ── Reverse Proxy ──────────────────────────────────────────────────────
+  # Routes API traffic to gateway, langgraph, and provisioner services.
   nginx:
     image: nginx:alpine
     container_name: deer-flow-nginx
@@ -22,6 +67,7 @@ services:
       - frontend
       - gateway
       - langgraph
+      - provisioner
     networks:
       - deer-flow-dev
     restart: unless-stopped
@@ -58,6 +104,8 @@ services:
     build:
       context: ../
       dockerfile: backend/Dockerfile
+      cache_from:
+        - type=local,src=/tmp/docker-cache-gateway
     container_name: deer-flow-gateway
     command: sh -c "cd backend && uv run uvicorn src.gateway.app:app --host 0.0.0.0 --port 8001 --reload --reload-include='*.yaml .env' > /app/logs/gateway.log 2>&1"
     volumes:
@@ -66,11 +114,14 @@ services:
       - ../config.yaml:/app/config.yaml
       - ../skills:/app/skills
       - ../logs:/app/logs
+      - ../backend/.deer-flow:/app/backend/.deer-flow
+      # Mount uv cache for faster dependency installation
+      - ~/.cache/uv:/root/.cache/uv
     working_dir: /app
     environment:
       - CI=true
     env_file:
-      - ../backend/.env
+      - ../.env
     extra_hosts:
       # For Linux: map host.docker.internal to host gateway
       - "host.docker.internal:host-gateway"
@@ -83,6 +134,8 @@ services:
     build:
       context: ../
       dockerfile: backend/Dockerfile
+      cache_from:
+        - type=local,src=/tmp/docker-cache-langgraph
     container_name: deer-flow-langgraph
     command: sh -c "cd backend && uv run langgraph dev --no-browser --allow-blocking --host 0.0.0.0 --port 2024 > /app/logs/langgraph.log 2>&1"
     volumes:
@@ -91,15 +144,23 @@ services:
       - ../config.yaml:/app/config.yaml
       - ../skills:/app/skills
       - ../logs:/app/logs
+      - ../backend/.deer-flow:/app/backend/.deer-flow
+      # Mount uv cache for faster dependency installation
+      - ~/.cache/uv:/root/.cache/uv
     working_dir: /app
     environment:
       - CI=true
     env_file:
-      - ../backend/.env
+      - ../.env
     networks:
       - deer-flow-dev
     restart: unless-stopped
 
+volumes: {}
+
 networks:
   deer-flow-dev:
     driver: bridge
+    ipam:
+      config:
+        - subnet: 192.168.200.0/24