straylight-ai 0.1.0 → 0.5.0

package/README.md

@@ -0,0 +1,188 @@
+# Straylight-AI
+
+**Keep your API keys safe when using Claude Code, Cursor, and Windsurf.**
+
+Straylight-AI is a self-hosted credential proxy that sits between your AI coding assistant and external APIs. Your keys are stored in an encrypted vault and injected at the HTTP transport layer — they never appear in the AI's context window, prompts, logs, or responses.
+
+## Quick Start
+
+```bash
+npx straylight-ai
+```
+
+This will:
+1. Pull and start the Straylight-AI container (Docker or Podman)
+2. Open the dashboard at http://localhost:9470
+3. Register the MCP server with Claude Code (if installed)
+
+### Prerequisites
+
+- Docker or Podman
+- Node.js 18+
+
+## Add a Service
+
+1. Open http://localhost:9470
+2. Click "Add Service"
+3. Select a template (GitHub, Stripe, OpenAI, AWS, and more) or create a custom service
+4. Paste your API key — it goes straight into the encrypted vault
+
+## Connect to Your AI Coding Assistant
+
+### Claude Code
+
+If not auto-registered during setup:
+
+```bash
+claude mcp add straylight-ai --transport stdio -- npx straylight-ai mcp
+```
+
+### Cursor / Windsurf
+
+Any MCP-compatible AI coding assistant works. The MCP server speaks the standard protocol over stdio.
+
+## CLI Commands
+
+| Command | Description |
+|---------|-------------|
+| `npx straylight-ai` | Full setup (pull, start, register) |
+| `npx straylight-ai start` | Start the container |
+| `npx straylight-ai stop` | Stop the container |
+| `npx straylight-ai status` | Check health and service status |
+| `npx straylight-ai logs` | View container logs |
+
+## MCP Tools
+
+Once registered, your AI coding assistant has access to:
+
+| Tool | What It Does |
+|------|-------------|
+| `straylight_api_call` | Make an authenticated HTTP request. Credentials injected automatically. |
+| `straylight_exec` | Run a command with credentials as environment variables. Output sanitized. |
+| `straylight_db_query` | Query a database with dynamic temporary credentials. |
+| `straylight_scan` | Scan project files for exposed secrets. |
+| `straylight_read_file` | Read a file with secrets automatically redacted. |
+| `straylight_check` | Check whether a credential is available for a service. |
+| `straylight_services` | List all configured services and their status. |
+
+## How It Works
+
+```
+AI Coding Assistant  -->  straylight-mcp (stdio)  -->  Straylight Container
+                                                          |
+                                                    OpenBao Vault (encrypted)
+                                                          |
+                                                    HTTP Proxy (injects credentials)
+                                                          |
+                                                    External API (Stripe, GitHub, ...)
+```
+
+Your AI assistant calls a Straylight MCP tool. The container fetches the credential from the vault, injects it into the outbound HTTP request, and returns the sanitized API response. The AI gets the data it needs without ever seeing the key.
+
+## Database Credentials
+
+Configure a database once in the dashboard. When your AI coding assistant needs data, it calls `straylight_db_query` — Straylight provisions a temporary database user, runs the query, and returns the results. The AI never sees the password.
+
+```
+// AI calls:
+straylight_db_query(service="my-postgres", query="SELECT id, name FROM users LIMIT 10")
+```
+
+- Credentials are read-only by default and auto-expire (5–15 min TTL)
+- Supported: PostgreSQL, MySQL/MariaDB, Redis
+- [Full documentation](https://aj-geddes.github.io/straylight-ai/docs/database-credentials)
+
+## Cloud Credentials
+
+Configure an AWS, GCP, or Azure account in the dashboard. When the AI needs to run a cloud CLI command, it calls `straylight_exec` with a named service — Straylight generates short-lived temporary credentials, injects them as environment variables, and returns the sanitized output.
+
+```
+// AI calls:
+straylight_exec(service="aws-prod", command="aws s3 ls s3://my-bucket")
+```
+
+- AWS: STS AssumeRole with inline session policies
+- GCP: Workload Identity Federation tokens
+- Azure: short-lived access tokens
+- [Full documentation](https://aj-geddes.github.io/straylight-ai/docs/cloud-credentials)
+
+## Secret Scanner
+
+Scan your project for exposed secrets before the AI reads them. Straylight checks files against 14 pattern categories and reports findings by file, line, and type.
+
+```
+// AI calls:
+straylight_scan(path="/home/user/my-project")
+```
+
+- Detects AWS keys, GitHub PATs, Stripe keys, connection strings, private keys, and more
+- Returns file paths, line numbers, secret types, and severity
+- [Full documentation](https://aj-geddes.github.io/straylight-ai/docs/secret-scanner)
+
+## File Firewall
+
+Let the AI read files it needs without exposing secrets. `straylight_read_file` serves file contents with credentials redacted. Blocked files (`.env`, `.pem`, `credentials.json`) return guidance to use the vault instead.
+
+```
+// AI calls:
+straylight_read_file(path="docker-compose.yml")
+// Returns: file structure with passwords replaced by [STRAYLIGHT:service-name]
+```
+
+- Blocked file patterns: `.env*`, `*credentials*`, `*secret*`, `*.pem`, SSH keys
+- Legitimate files served clean — structure intact, secrets masked
+- [Full documentation](https://aj-geddes.github.io/straylight-ai/docs/file-firewall)
+
+## Audit Trail
+
+Every credential access, API call, and command execution is logged with a timestamp, service name, tool used, and session ID. No credentials appear in the log.
+
+View the audit log in the dashboard at http://localhost:9470 or query it via the API.
+
+- Append-only local log, no retention cap on the free tier
+- [Full documentation](https://aj-geddes.github.io/straylight-ai/docs/audit-trail)
+
+## Supported Services
+
+16+ pre-configured templates including GitHub, Stripe, OpenAI, Anthropic, AWS, Google Cloud, Azure, PostgreSQL, MySQL, Redis, Slack, GitLab, and more. Custom services supported via base URL and auth method configuration.
+
+## Security
+
+- **Encrypted at rest** — OpenBao (open-source HashiCorp Vault fork)
+- **Transport-layer injection** — credentials never exposed to the AI
+- **Output sanitization** — credential patterns stripped from all responses
+- **Dynamic database credentials** — temporary users with automatic revocation
+- **Non-root container** — UID 10001, minimal Alpine image
+
+## Optional: Claude Code Hooks
+
+For extra protection, add hooks that block credential-accessing commands and sanitize output:
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [{
+      "matcher": "Bash|Write|Edit",
+      "hooks": [{ "type": "command", "command": "straylight-mcp hook pretooluse" }]
+    }],
+    "PostToolUse": [{
+      "matcher": "Bash",
+      "hooks": [{ "type": "command", "command": "straylight-mcp hook posttooluse" }]
+    }]
+  }
+}
+```
+
+## Links
+
+- [Documentation](https://aj-geddes.github.io/straylight-ai/docs/quickstart)
+- [GitHub](https://github.com/aj-geddes/straylight-ai)
+- [Issues](https://github.com/aj-geddes/straylight-ai/issues)
+
+## License
+
+Apache-2.0
+
+---
+
+Built by [High Velocity Solutions LLC](https://highvelocitysolutions.com)

package/dist/docker.d.ts

@@ -4,8 +4,8 @@ export declare const CONTAINER_NAME = "straylight-ai";
 export declare const CONTAINER_IMAGE = "ghcr.io/aj-geddes/straylight-ai:latest";
 /** Host port mapped to container port 9470 */
 export declare const CONTAINER_PORT = 9470;
-/** Host data directory mounted at /data inside the container */
-export declare const DATA_DIR: string;
+/** Named Docker volume mounted at /data inside the container */
+export declare const VOLUME_NAME = "straylight-ai-data";
 /** Container status values */
 export type ContainerStatus = "running" | "stopped" | "not_found";
 /** Supported container runtimes */

package/dist/docker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../src/docker.ts"],"names":[],"mappings":"AAIA,oCAAoC;AACpC,eAAO,MAAM,cAAc,kBAAkB,CAAC;AAE9C,mCAAmC;AACnC,eAAO,MAAM,eAAe,2CAA2C,CAAC;AAExE,8CAA8C;AAC9C,eAAO,MAAM,cAAc,OAAO,CAAC;AAEnC,gEAAgE;AAChE,eAAO,MAAM,QAAQ,QAAoD,CAAC;AAE1E,8BAA8B;AAC9B,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,CAAC;AAElE,mCAAmC;AACnC,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE1C;;;GAGG;AACH,wBAAgB,aAAa,IAAI,OAAO,GAAG,IAAI,CAU9C;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,CAAC,CAe1B;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAE1E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAUvD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAExD;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAE/C"}
+{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../src/docker.ts"],"names":[],"mappings":"AAEA,oCAAoC;AACpC,eAAO,MAAM,cAAc,kBAAkB,CAAC;AAE9C,mCAAmC;AACnC,eAAO,MAAM,eAAe,2CAA2C,CAAC;AAExE,8CAA8C;AAC9C,eAAO,MAAM,cAAc,OAAO,CAAC;AAEnC,gEAAgE;AAChE,eAAO,MAAM,WAAW,uBAAuB,CAAC;AAEhD,8BAA8B;AAC9B,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,CAAC;AAElE,mCAAmC;AACnC,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE1C;;;GAGG;AACH,wBAAgB,aAAa,IAAI,OAAO,GAAG,IAAI,CAU9C;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,CAAC,CAe1B;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAE1E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAUvD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAExD;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAE/C"}

package/dist/docker.js

@@ -1,39 +1,6 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DATA_DIR = exports.CONTAINER_PORT = exports.CONTAINER_IMAGE = exports.CONTAINER_NAME = void 0;
+exports.VOLUME_NAME = exports.CONTAINER_PORT = exports.CONTAINER_IMAGE = exports.CONTAINER_NAME = void 0;
 exports.detectRuntime = detectRuntime;
 exports.getContainerStatus = getContainerStatus;
 exports.isContainerRunning = isContainerRunning;
@@ -42,16 +9,14 @@ exports.buildStartCommand = buildStartCommand;
 exports.buildStopCommand = buildStopCommand;
 exports.pullImage = pullImage;
 const child_process_1 = require("child_process");
-const os = __importStar(require("os"));
-const path = __importStar(require("path"));
 /** Name of the managed container */
 exports.CONTAINER_NAME = "straylight-ai";
 /** Docker image to pull and run */
 exports.CONTAINER_IMAGE = "ghcr.io/aj-geddes/straylight-ai:latest";
 /** Host port mapped to container port 9470 */
 exports.CONTAINER_PORT = 9470;
-/** Host data directory mounted at /data inside the container */
-exports.DATA_DIR = path.join(os.homedir(), ".straylight-ai", "data");
+/** Named Docker volume mounted at /data inside the container */
+exports.VOLUME_NAME = "straylight-ai-data";
 /**
  * Detect whether docker or podman is available on the host.
  * Returns the first available runtime, or null if neither is found.
@@ -100,7 +65,7 @@ function buildRunCommand(runtime) {
         "-d",
         `--name ${exports.CONTAINER_NAME}`,
         `-p ${exports.CONTAINER_PORT}:${exports.CONTAINER_PORT}`,
-        `-v ${exports.DATA_DIR}:/data`,
+        `-v ${exports.VOLUME_NAME}:/data`,
         "--restart unless-stopped",
         exports.CONTAINER_IMAGE,
     ].join(" ");

package/dist/docker.js.map

@@ -1 +1 @@
-{"version":3,"file":"docker.js","sourceRoot":"","sources":["../src/docker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,sCAUC;AAKD,gDAiBC;AAKD,gDAEC;AAKD,0CAUC;AAKD,8CAEC;AAKD,4CAEC;AAKD,8BAEC;AArGD,iDAAyC;AACzC,uCAAyB;AACzB,2CAA6B;AAE7B,oCAAoC;AACvB,QAAA,cAAc,GAAG,eAAe,CAAC;AAE9C,mCAAmC;AACtB,QAAA,eAAe,GAAG,wCAAwC,CAAC;AAExE,8CAA8C;AACjC,QAAA,cAAc,GAAG,IAAI,CAAC;AAEnC,gEAAgE;AACnD,QAAA,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;AAQ1E;;;GAGG;AACH,SAAgB,aAAa;IAC3B,KAAK,MAAM,OAAO,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAc,EAAE,CAAC;QACxD,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,GAAG,OAAO,YAAY,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,mBAAmB;QACrB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CACtC,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EACrB,GAAG,OAAO,yCAAyC,sBAAc,EAAE,EACnE,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB;aACE,QAAQ,EAAE;aACV,IAAI,EAAE;aACN,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,sCAAsC;QAEhE,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAC3C,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,WAAW,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CAAC,OAAe;IACtD,OAAO,CAAC,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC,KAAK,SAAS,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,OAAe;IAC7C,OAAO;QACL,GAAG,OAAO,MAAM;QAChB,IAAI;QACJ,UAAU,sBAAc,EAAE;QAC1B,MAAM,sBAAc,IAAI,sBAAc,EAAE;QACxC,MAAM,gBAAQ,QAAQ;QACtB,0BAA0B;QAC1B,uBAAe;KAChB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,OAAe;IAC/C,OAAO,GAAG,OAAO,UAAU,sBAAc,EAAE,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,OAAe;IAC9C,OAAO,GAAG,OAAO,SAAS,sBAAc,EAAE,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,OAAe;IACvC,IAAA,wBAAQ,EAAC,GAAG,OAAO,SAAS,uBAAe,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;AACvE,CAAC"}
+{"version":3,"file":"docker.js","sourceRoot":"","sources":["../src/docker.ts"],"names":[],"mappings":";;;AAwBA,sCAUC;AAKD,gDAiBC;AAKD,gDAEC;AAKD,0CAUC;AAKD,8CAEC;AAKD,4CAEC;AAKD,8BAEC;AAnGD,iDAAyC;AAEzC,oCAAoC;AACvB,QAAA,cAAc,GAAG,eAAe,CAAC;AAE9C,mCAAmC;AACtB,QAAA,eAAe,GAAG,wCAAwC,CAAC;AAExE,8CAA8C;AACjC,QAAA,cAAc,GAAG,IAAI,CAAC;AAEnC,gEAAgE;AACnD,QAAA,WAAW,GAAG,oBAAoB,CAAC;AAQhD;;;GAGG;AACH,SAAgB,aAAa;IAC3B,KAAK,MAAM,OAAO,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAc,EAAE,CAAC;QACxD,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,GAAG,OAAO,YAAY,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,mBAAmB;QACrB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CACtC,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EACrB,GAAG,OAAO,yCAAyC,sBAAc,EAAE,EACnE,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB;aACE,QAAQ,EAAE;aACV,IAAI,EAAE;aACN,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,sCAAsC;QAEhE,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAC3C,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,WAAW,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CAAC,OAAe;IACtD,OAAO,CAAC,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC,KAAK,SAAS,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,OAAe;IAC7C,OAAO;QACL,GAAG,OAAO,MAAM;QAChB,IAAI;QACJ,UAAU,sBAAc,EAAE;QAC1B,MAAM,sBAAc,IAAI,sBAAc,EAAE;QACxC,MAAM,mBAAW,QAAQ;QACzB,0BAA0B;QAC1B,uBAAe;KAChB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,OAAe;IAC/C,OAAO,GAAG,OAAO,UAAU,sBAAc,EAAE,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,OAAe;IAC9C,OAAO,GAAG,OAAO,SAAS,sBAAc,EAAE,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,OAAe;IACvC,IAAA,wBAAQ,EAAC,GAAG,OAAO,SAAS,uBAAe,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;AACvE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "straylight-ai",
-  "version": "0.1.0",
+  "version": "0.5.0",
   "description": "Zero-knowledge credential proxy for AI agents",
   "bin": {
     "straylight-ai": "bin/cli.js",
@@ -20,7 +20,8 @@
   "files": [
     "bin/",
     "dist/",
-    "src/"
+    "src/",
+    "README.md"
   ],
   "keywords": [
     "mcp",

package/src/docker.ts

@@ -1,6 +1,4 @@
 import { execSync } from "child_process";
-import * as os from "os";
-import * as path from "path";
 
 /** Name of the managed container */
 export const CONTAINER_NAME = "straylight-ai";
@@ -11,8 +9,8 @@ export const CONTAINER_IMAGE = "ghcr.io/aj-geddes/straylight-ai:latest";
 /** Host port mapped to container port 9470 */
 export const CONTAINER_PORT = 9470;
 
-/** Host data directory mounted at /data inside the container */
-export const DATA_DIR = path.join(os.homedir(), ".straylight-ai", "data");
+/** Named Docker volume mounted at /data inside the container */
+export const VOLUME_NAME = "straylight-ai-data";
 
 /** Container status values */
 export type ContainerStatus = "running" | "stopped" | "not_found";
@@ -74,7 +72,7 @@ export function buildRunCommand(runtime: string): string {
     "-d",
     `--name ${CONTAINER_NAME}`,
     `-p ${CONTAINER_PORT}:${CONTAINER_PORT}`,
-    `-v ${DATA_DIR}:/data`,
+    `-v ${VOLUME_NAME}:/data`,
     "--restart unless-stopped",
     CONTAINER_IMAGE,
   ].join(" ");