Describe the bug
On a fresh clone of v7.3.1, aisoc serve (and the equivalent docker compose -f docker-compose.dev.yml up -d) aborts because two service images on GHCR return error from registry: denied:
ghcr.io/beenuar/aisoc-honeytokens:latestghcr.io/beenuar/aisoc-purple-team:latest
Both service entries in docker-compose.yml have:
image: ghcr.io/beenuar/aisoc-<service>:${AISOC_VERSION:-latest}build: { context: ./services/<service>, dockerfile: Dockerfile }pull_policy: missing
and an inline comment that says "Not in publish-images.yml matrix yet - pull falls back to local build."
In practice, the fallback to local build only triggers on image not found. The registry: denied failure mode is treated as a hard error by docker compose up, so the whole stack bring-up aborts before any container starts. This blocks every new user following Path C in apps/docs/docs/quickstart.md or the pnpm aisoc:demo flow.
Steps to reproduce
- Fresh clone:
git clone https://github.com/beenuar/AiSOC.git && cd AiSOC
- Setup per Path C in quickstart:
cp .env.example .env
python3.11 -m venv .venv && source .venv/bin/activate
pip install -e packages/aisoc-cli
- Add OPENAI_API_KEY to .env
- (Apple Silicon only — but the bug is platform-independent)
export DOCKER_DEFAULT_PLATFORM=linux/amd64
- Run:
aisoc serve
Compose attempts to pull all images in parallel. Both aisoc-honeytokens and aisoc-purple-team fail with "error from registry: denied" and the entire compose up aborts.
Expected behavior
Either:
- The stack comes up successfully, with
honeytokens and purple-team built locally from their services/<name>/Dockerfile (matching the inline comment's promise of "pull falls back to local build"), OR
- Those two services are gated behind a non-default profile (e.g.
profiles: ["extras"]) so a default aisoc serve brings up only the core stack and skips them.
Actual behavior
docker compose up aborts with the following errors:
! Image ghcr.io/beenuar/aisoc-purple-team:latest error from registry: denied
! Image ghcr.io/beenuar/aisoc-honeytokens:latest error from registry: denied
No fallback to local build occurs. No containers start. Subsequent aisoc serve invocations hit the same failure unless the user manually edits docker-compose.yml to remove or override those two service definitions.
Local workaround that unblocks the recording:
sed -i '' '489,538d' docker-compose.yml # deletes the honeytokens + purple-team blocks on v7.3.1
After this edit, aisoc serve brings up the remaining 18 services cleanly.
Component
Docker / Compose
AiSOC version
v7.3.1 (commit abff3d0)
Environment
macOS 26.x (MacBook Pro 14", Apple M5, 24 GB)
Docker Desktop 29.4.3, Compose v5.1.3
Node v25.6.1, pnpm 8.15.1
Python 3.11.15 in venv
DOCKER_DEFAULT_PLATFORM=linux/amd64 (Rosetta — AiSOC images are amd64-only on GHCR)
Checklist
Describe the bug
On a fresh clone of v7.3.1,
aisoc serve(and the equivalentdocker compose -f docker-compose.dev.yml up -d) aborts because two service images on GHCR returnerror from registry: denied:ghcr.io/beenuar/aisoc-honeytokens:latestghcr.io/beenuar/aisoc-purple-team:latestBoth service entries in
docker-compose.ymlhave:image: ghcr.io/beenuar/aisoc-<service>:${AISOC_VERSION:-latest}build: { context: ./services/<service>, dockerfile: Dockerfile }pull_policy: missingand an inline comment that says "Not in publish-images.yml matrix yet - pull falls back to local build."
In practice, the fallback to local build only triggers on
image not found. Theregistry: deniedfailure mode is treated as a hard error bydocker compose up, so the whole stack bring-up aborts before any container starts. This blocks every new user following Path C inapps/docs/docs/quickstart.mdor thepnpm aisoc:demoflow.Steps to reproduce
git clone https://github.com/beenuar/AiSOC.git && cd AiSOC
cp .env.example .env
python3.11 -m venv .venv && source .venv/bin/activate
pip install -e packages/aisoc-cli
export DOCKER_DEFAULT_PLATFORM=linux/amd64
aisoc serve
Compose attempts to pull all images in parallel. Both
aisoc-honeytokensandaisoc-purple-teamfail with "error from registry: denied" and the entire compose up aborts.Expected behavior
Either:
honeytokensandpurple-teambuilt locally from theirservices/<name>/Dockerfile(matching the inline comment's promise of "pull falls back to local build"), ORprofiles: ["extras"]) so a defaultaisoc servebrings up only the core stack and skips them.Actual behavior
docker compose up aborts with the following errors:
! Image ghcr.io/beenuar/aisoc-purple-team:latest error from registry: denied
! Image ghcr.io/beenuar/aisoc-honeytokens:latest error from registry: denied
No fallback to local build occurs. No containers start. Subsequent
aisoc serveinvocations hit the same failure unless the user manually editsdocker-compose.ymlto remove or override those two service definitions.Local workaround that unblocks the recording:
sed -i '' '489,538d' docker-compose.yml # deletes the honeytokens + purple-team blocks on v7.3.1
After this edit,
aisoc servebrings up the remaining 18 services cleanly.Component
Docker / Compose
AiSOC version
v7.3.1 (commit abff3d0)
Environment
macOS 26.x (MacBook Pro 14", Apple M5, 24 GB)
Docker Desktop 29.4.3, Compose v5.1.3
Node v25.6.1, pnpm 8.15.1
Python 3.11.15 in venv
DOCKER_DEFAULT_PLATFORM=linux/amd64 (Rosetta — AiSOC images are amd64-only on GHCR)
Checklist