diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..4350c80
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,30 @@
+# Git
+.git
+.gitignore
+
+# Dependencies (will be reinstalled in container)
+node_modules
+
+# Build output
+build
+
+# Data (mounted as volumes)
+data
+logs
+
+# Environment files (mounted separately)
+.env*
+!.env.local.example
+
+# IDE
+.idea
+.vscode
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Generated
+gen
diff --git a/.gitignore b/.gitignore
index 9110a37..e8740ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -136,3 +136,4 @@ build
 data/
 .env.keys
 .envrc
+/.env.docker
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..befbde4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM node:20-alpine
+
+# Install pnpm and dotenvx
+RUN corepack enable && corepack prepare pnpm@latest --activate
+RUN npm install -g @dotenvx/dotenvx
+
+WORKDIR /app
+
+# Copy package files
+COPY package.json pnpm-lock.yaml ./
+
+# Install dependencies
+RUN pnpm install --frozen-lockfile
+
+# Copy source files
+COPY . .
+
+# Signal handling for graceful shutdown
+STOPSIGNAL SIGINT
+
+# Run with dotenvx to decrypt environment variables
+CMD ["dotenvx", "run", "--env-file=.env.local", "--", "pnpm", "start"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..aa9b750
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,51 @@
+version: '3.8'
+
+services:
+  mongo:
+    image: mongo:latest
+    container_name: venom-mongo
+    restart: unless-stopped
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: venom
+      MONGO_INITDB_ROOT_PASSWORD: ${DB_PASS}
+    volumes:
+      - /root/apps/venom/data/db:/data/db
+      - /root/apps/venom/data/configdb:/data/configdb
+    networks:
+      - venom-network
+    healthcheck:
+      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+
+  bot:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: venom-bot
+    restart: unless-stopped
+    depends_on:
+      mongo:
+        condition: service_healthy
+    environment:
+      # Private key for dotenvx decryption
+      DOTENV_PRIVATE_KEY_LOCAL: ${DOTENV_PRIVATE_KEY_LOCAL}
+      # Override MongoDB URI to use container hostname (password is URL-encoded)
+      MONGODB_URI: mongodb://venom:${DB_PASS_ENCODED}@mongo:27017/venom?authSource=admin&authMechanism=SCRAM-SHA-256
+    volumes:
+      # Mount source code and data (for development/hot-reload if needed)
+      - /root/apps/venom/data/brain.dat:/app/data/brain.dat
+      - /root/apps/venom/logs:/app/logs
+      # Mount env files for dotenvx
+      - /root/apps/venom/.env.local:/app/.env.local:ro
+      - /root/apps/venom/.env.keys:/app/.env.keys:ro
+    networks:
+      - venom-network
+    stop_signal: SIGINT
+    stop_grace_period: 30s
+
+networks:
+  venom-network:
+    driver: bridge