Costrict Backend Deployment Tool is an enterprise-level AI code assistant backend service deployment solution based on Docker Compose. This project provides a complete microservice architecture, including core components such as AI gateway, identity authentication, code analysis, and chat services, supporting both private deployment and cloud service modes.
- Microservice Architecture: Containerized distributed service architecture
- AI Gateway Integration: Support for multiple large language model access
- Identity Authentication System: Integrated with Casdoor for enterprise-level identity management
- Intelligent Code Analysis: Provides code review, completion, optimization and other functions
- Scalable Design: Support for horizontal scaling and custom plugins
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ VSCode Plugin │────│ API Gateway │────│ Backend Services│
│ (Costrict) │ │ (Apache APISIX) │ │ (Microservices) │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │
┌─────────────────┐ ┌─────────────────┐
│ AI Gateway │ │ Database Cluster│
│ (Higress) │ │ (PostgreSQL) │
└─────────────────┘ └─────────────────┘
The core functions of costrict all depend on large language models, and the following model services need to be prepared in total:
1. Chat model (providing complete http://chat_model_ip:chat_model_port/v1/chat/completions interface)
2. Code review model (providing complete http://review_model_ip:review_model_port/v1/chat/completions interface)
3. Embedding model (providing complete http://embedding_model_ip:embedding_model_port/v1/embeddings interface)
4. Rerank model (providing complete http://rerank_model_ip:rerank_model_port/v1/rerank interface)
5. Completion model (providing complete http://completion_model_ip:completion_model_port/v1/completions interface)
Note: Provide and record accurate model names, APIKEYs, and context size information. Used for configuration during service deployment.
Recommended models and download addresses:
Chat model: GLM-4.5-FP8, GLM-4.5-106B-A12B-FP8
Code review model: Qwen2.5-Coder-32B-Instruct
Completion model: DeepSeek-Coder-V2-Lite-Base
Embedding model: gte-modernbert-baseRAG/Embedding
Rerank model: gte-reranker-modernbert-baseRAG/Rerank
Download addresses:
https://modelscope.cn/models/ZhipuAI/GLM-4.5-FP8
https://modelscope.cn/models/ZhipuAI/GLM-4.5-Air-FP8
https://modelscope.cn/models/Qwen/Qwen2.5-Coder-32B-Instruct
https://modelscope.cn/models/Qwen/Qwen3-Coder-30B-A3B-Instruct
https://modelscope.cn/models/deepseek-ai/DeepSeek-Coder-V2-Lite-Base
https://modelscope.cn/models/iic/gte-modernbert-base
https://modelscope.cn/models/iic/gte-reranker-modernbert-base
Hardware Requirements:
- CPU: Intel x64 architecture, minimum 16 cores
- Memory: Minimum 32GB RAM
- Storage: Minimum 512GB available storage space
- GPU: CUDA-enabled graphics card
Software Requirements:
- Operating System: CentOS 7+ or Ubuntu 18.04+ (WSL supported)
- Container Runtime: Docker 20.10+
- Orchestration Tool: Docker Compose 2.0+
- NVIDIA Driver: nvidia-docker support
Hardware Requirements:
- CPU: Intel x64 architecture, minimum 16 cores
- Memory: Minimum 32GB RAM
- Storage: Minimum 512GB available storage space
Software Requirements:
- Operating System: CentOS 7+ or Ubuntu 18.04+
- Container Runtime: Docker 20.10+ (refer to Offline Docker Installation for offline installation)
- Orchestration Tool: Docker Compose 2.0+
Before starting the deployment, please simultaneously open and view the Deployment Checklist and complete all items throughout the deployment process to ensure a successful final deployment.
git clone https://github.com/zgsm-ai/zgsm-backend-deploy.git
cd zgsm-backend-deployEdit the configuration file:
vim configure.shKey Configuration Parameters:
| Parameter Name | Description | Default Value | Required |
|---|---|---|---|
COSTRICT_BACKEND_BASEURL |
Backend service base URL | - | ✅ |
COSTRICT_BACKEND |
Backend service host address | - | ✅ |
PORT_APISIX_ENTRY |
API gateway entry port | 9080 | ❌ |
PORT_HIGRESS_CONTROL |
Higress console port | 8001 | ❌ |
PORT_CASDOOR |
Casdoor authentication system port | 9009 | ❌ |
Model Settings:
| Parameter Name | Description | Default Value | Required |
|---|---|---|---|
CHAT_MODEL_HOST |
IP+PORT of chat model | - | ✅ |
CHAT_BASEURL |
Access address of chat model | - | ✅ |
CHAT_DEFAULT_MODEL |
Name of chat model | - | ✅ |
CHAT_MODEL_CONTEXTSIZE |
Context length of chat model | - | ✅ |
CHAT_MODEL_DESC |
Description of chat model | - | ❌ |
CHAT_APIKEY |
APIKEY of chat model, required if the model enables APIKEY authentication | - | ❌ |
CODEREVIEW_MODEL_HOST |
IP+PORT of Codereview model | - | ✅ |
CODEREVIEW_BASEURL |
Access address of Codereview model | - | ✅ |
CODEREVIEW_MODEL |
Name of Codereview model | - | ✅ |
CODEREVIEW_MODEL_CONTEXTSIZE |
Context length of Codereview model | - | ✅ |
CODEREVIEW_MODEL_DESC |
Description of Codereview model | - | ❌ |
CODEREVIEW_APIKEY |
APIKEY of Codereview model, required if the model enables APIKEY authentication | - | ❌ |
COMPLETION_BASEURL |
Access address of code completion model | - | ✅ |
COMPLETION_MODEL |
Name of code completion model | - | ✅ |
COMPLETION_APIKEY |
APIKEY of code completion model, required if the model enables APIKEY authentication | - | ❌ |
EMBEDDER_BASEURL |
Access address of vector embedding model | - | ✅ |
EMBEDDER_MODEL |
Name of vector embedding model | - | ✅ |
EMBEDDER_APIKEY |
APIKEY of vector embedding model, required if the model enables APIKEY authentication | - | ❌ |
RERANKER_BASEURL |
Access address of rerank model | - | ✅ |
RERANKER_MODEL |
Name of rerank model | - | ✅ |
RERANKER_APIKEY |
APIKEY of rerank model, required if the model enables APIKEY authentication | - | ❌ |
Note: Code completion, vector embedding, and rerank models are for internal use by Costrict only and will not appear in the user-selectable model list.
Costrict backend images are mainly stored in the docker hub image repository docker.io/zgsm.
Before deployment, you need to ensure that the images required for backend deployment can be pulled from the image repository normally.
The images required by Costrict backend can be found in the scripts/newest-images.list file for a complete list.
You can get this list file from the cloud with the following command.
bash scripts/get-images-list.sh -o scriptsThe deployment script will automatically pull all images required for backend deployment during the deployment process.
However, if the deployment server cannot access the docker hub image repository, you need to download the images in advance and save them to the specified directory of the deployment machine (assuming saved in /root/images). Then run the following command to preload them.
bash scripts/load-images.sh -l /root/imagesIn addition to pulling and exporting image files from the docker image repository, you can also download all image files required for Costrict backend deployment from Baidu Netdisk.
Netdisk address:
https://pan.baidu.com/s/12kP5VyQinFNrXFsKEWFGJw?pwd=k2dh
Execute the automated deployment script:
bash deploy.shThe deployment process includes the following steps:
- Environment check and dependency verification
- Docker image pulling and building
- Database initialization
- Service container startup
- Health check and status verification
After deployment, access the Higress console at the following address to configure the chat and code review models:
http://{COSTRICT_BACKEND}:{PORT_HIGRESS_CONTROL}
Default admin username and password (please change it after login):
Username: admin
Password: test123
Configuration steps:
- Access the Higress management interface
- Configure upstream LLM service providers
- Set routing rules and load balancing strategies
- Configure rate limiting and security policies
Detailed configuration guide: Higress Configuration Document
Access the Casdoor management interface at the following address:
http://{COSTRICT_BACKEND}:{PORT_CASDOOR}
Test Account (for development and testing environments only):
Username: demo
Password: test123
Configuration features:
- User management and permission control
- Third-party identity provider integration (OIDC/SAML)
- Multi-factor authentication (MFA)
- Session management and security policies
Detailed configuration guide: Casdoor Configuration Document
- Install the Costrict VSCode extension
- Open the "Provider" page in the extension settings
- Select the API provider as "Costrict"
- Configure the backend service address:
Costrict Base URL: {COSTRICT_BACKEND_BASEURL} - Click "Login Costrict" to complete authentication
Service Access Address:
Default backend entry: http://{COSTRICT_BACKEND}:{PORT_APISIX_ENTRY}
For production environments, it is recommended to access services through reverse proxy or load balancer:
# Nginx configuration example
upstream costrict_backend {
server {COSTRICT_BACKEND}:{PORT_APISIX_ENTRY};
}
server {
listen 443 ssl;
server_name your-domain.com;
location / {
proxy_pass http://costrict_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}Check service running status:
# View all service status
docker-compose ps
# View service logs
docker-compose logs -f [service_name]
# View resource usage
docker stats# Database backup
bash ./scripts/backup.sh
# Database recovery
bash ./scripts/restore.sh [backup_file]# Scale service instances
docker-compose up -d --scale chatgpt=3
# Update service configuration
docker-compose up -d --force-recreate [service_name]1. Container startup failure
# Check port occupancy
netstat -tlnp | grep {port}
# Check disk space
df -h
# View detailed error logs
docker-compose logs [service_name]2. Network connection issues
# Test service connectivity
curl -v http://{COSTRICT_BACKEND}:{PORT_APISIX_ENTRY}/health
# Check Docker network
docker network ls
docker network inspect {network_name}3. Database connection issues
# Check database service status
docker-compose exec postgres pg_isready
# View database logs
docker-compose logs postgresSystem log locations:
- Application logs:
./logs/ - Database logs:
/var/log/postgresql/inside container - Gateway logs:
/var/log/apisix/inside container
-
Production Environment Deployment:
- Change all default passwords
- Configure HTTPS certificates
- Enable firewall and access control
- Regularly update systems and dependencies
-
Network Security:
- Only open necessary ports
- Configure VPN or intranet access
- Enable API rate limiting and protection
-
Data Protection:
- Regularly backup important data
- Enable database encryption
- Configure access audit logs
This project is open source under the Apache 2.0 license. See the LICENSE file for details.
- Issue Reporting: GitHub Issues
- Feature Requests: GitHub Discussions
- Contribution Guidelines: CONTRIBUTING.md
Costrict - Let AI power your code development journey