fixed findings from review

docker-compose.yml

@@ -9,29 +9,34 @@ services:
       - "8000:8000"
     volumes:
       - ./sessions:/app/sessions
-      - /var/run/docker.sock:/var/run/docker.sock
     environment:
-      - MCP_SERVER=http://lovdata-mcp:8001
+      - MCP_SERVER=${MCP_SERVER:-http://localhost:8001}
       - OPENAI_API_KEY=${OPENAI_API_KEY:-}
       - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
       - GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
+      - DOCKER_HOST=tcp://docker-daemon:2376
+      - DOCKER_TLS_VERIFY=1
+      - DOCKER_CERT_PATH=/certs
     depends_on:
-      - lovdata-mcp
+      - docker-daemon
     networks:
       - lovdata-network
     restart: unless-stopped
 
-  lovdata-mcp:
-    # Placeholder for lovdata MCP server
-    # This should be replaced with the actual lovdata MCP server image
-    image: python:3.11-slim
-    ports:
-      - "8001:8001"
+  docker-daemon:
+    image: docker:dind
+    privileged: true
+    environment:
+      - DOCKER_TLS_CERTDIR=/certs
+    volumes:
+      - ./docker-certs:/certs
     networks:
       - lovdata-network
-    command: ["python", "-c", "import time; time.sleep(999999)"]  # Placeholder
+    command: ["--tlsverify", "--tlscacert=/certs/server/ca.pem", "--tlscert=/certs/server/cert.pem", "--tlskey=/certs/server/key.pem"]
     restart: unless-stopped
 
+  # lovdata-mcp server is external - configured via MCP_SERVER environment variable
+
   caddy:
     image: caddy:2.7-alpine
     ports: