Ralph runs agents with --dangerously-skip-permissions, which means the agent has full system access. Docker provides:
- Isolation: Agent can't affect your host system
- Resource limits: Prevent runaway CPU/memory usage
- Network control: Option to disable network access
- Reproducibility: Same environment everywhere
Recommendation: Always use ralph --docker for autonomous runs.
# Build the Docker image (first time only)
cd ~/.ralph-wiggum
docker compose -f docker/docker-compose.yml build
# Run Ralph in Docker
cd ~/my-project
ralph --docker plan
ralph --docker 20When you run ralph --docker, it:
- Mounts your project directory at
/workspace - Mounts git credentials (read-only)
- Passes through API keys from environment
- Runs the Ralph loop inside the container
- Commits and pushes from within the container
Set these in your host environment:
# Required: API keys
export ANTHROPIC_API_KEY="sk-ant-..."
export OPENAI_API_KEY="sk-..." # If using Codex
# Optional: Git identity
export GIT_AUTHOR_NAME="Your Name"
export GIT_AUTHOR_EMAIL="you@example.com"
export GIT_COMMITTER_NAME="Your Name"
export GIT_COMMITTER_EMAIL="you@example.com"Default limits in docker-compose.yml:
deploy:
resources:
limits:
cpus: '2'
memory: 4GAdjust as needed for your workload:
# Run with custom limits
docker compose -f ~/.ralph-wiggum/docker/docker-compose.yml run --rm \
--cpus=4 --memory=8g \
ralph 20For maximum security, disable network access:
# In docker-compose.yml
services:
ralph:
network_mode: noneWarning: This prevents:
- Package installation (
npm install,pip install) - Git push/pull
- API calls (agent won't work!)
Only use network isolation for post-implementation validation runs.
docker compose run --rm \
-v ~/.npmrc:/home/ralph/.npmrc:ro \
ralph 20docker compose run --rm \
-v ~/.aws:/home/ralph/.aws:ro \
ralph 20docker compose run --rm \
-v /etc/ssl/certs:/etc/ssl/certs:ro \
ralph 20Extend the base Dockerfile for project-specific needs:
# Dockerfile.custom
FROM ralph-wiggum
# Install project-specific tools
RUN apt-get update && apt-get install -y \
postgresql-client \
redis-tools
# Install specific Node version via nvm
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
# Pre-install common dependencies
RUN npm install -g typescript eslint prettierBuild and use:
docker build -f Dockerfile.custom -t ralph-custom .
docker run --rm -v $(pwd):/workspace ralph-custom 20# Run with verbose output
RALPH_DEBUG=true ralph --docker plan
# Tail logs in another terminal
docker logs -f $(docker ps -q --filter ancestor=ralph-wiggum)# Get a shell inside the container
docker compose -f ~/.ralph-wiggum/docker/docker-compose.yml run --rm \
--entrypoint /bin/bash \
ralph# Inside container
ls -la /workspace # Project files
ls -la ~/.ssh # SSH keys
cat ~/.gitconfig # Git configSSH keys might not have correct permissions:
# Check key permissions on host
ls -la ~/.ssh/id_*
# Should be:
# -rw------- id_rsa (600)
# -rw-r--r-- id_rsa.pub (644)Environment variables aren't passed:
# Verify on host
echo $ANTHROPIC_API_KEY
# Explicit pass-through
docker compose run --rm \
-e ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY \
ralph planDocker cache might be invalid:
# Rebuild with cache
docker compose -f docker/docker-compose.yml build
# Force fresh build
docker compose -f docker/docker-compose.yml build --no-cacheClean up Docker resources:
docker system prune -a
docker volume prune- Never commit API keys: Use environment variables
- Use read-only mounts:
:rofor credentials - Limit resources: Prevent DoS from runaway processes
- Review commits: Don't auto-merge to main
- Rotate keys: Regularly rotate API keys used by Ralph
- Monitor usage: Track API costs and unusual patterns