diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 4a9c3f9..b055e2d 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -17,11 +17,18 @@ services:
     restart: always
     environment:
       - DATABASE_URL=mysql://${MYSQL_USER}:${MYSQL_PASSWORD}@mysql:3306/${MYSQL_DATABASE}
+      - ASTRA_STORAGE=/app/storage
+      - DEMO_DATA_DIR=/app/demo-data
+      - QDRANT_URL=http://qdrant:6333
+      - GEMINI_API_KEY=${GEMINI_API_KEY}
     depends_on:
       - mysql
+      - qdrant
     user: "1004"
     volumes:
       - ~/astra-logs:/var/log
+      - rust-storage:/app/storage
+      - /var/www/codered-astra/rust-engine/demo-data:/app/demo-data:ro
 
   mysql:
     image: mysql:8.0
@@ -60,3 +67,4 @@ services:
 volumes:
   mysql-data:
   qdrant-data:
+  rust-storage:
diff --git a/docker-compose.yml b/docker-compose.yml
index c9b1ab4..78e4c61 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,8 +23,16 @@ services:
     restart: always
     environment:
       - DATABASE_URL=mysql://${MYSQL_USER}:${MYSQL_PASSWORD}@mysql:3306/${MYSQL_DATABASE}
+      - ASTRA_STORAGE=/app/storage
+      - DEMO_DATA_DIR=/app/demo-data
+      - QDRANT_URL=http://qdrant:6333
+      - GEMINI_API_KEY=${GEMINI_API_KEY}
+    volumes:
+      - rust-storage:/app/storage
+      - ./rust-engine/demo-data:/app/demo-data:ro
     depends_on:
-      - mysql # <-- Updated dependency
+      - mysql
+      - qdrant
 
   # --- Key Changes are in this section ---
   mysql: # <-- Renamed service for clarity
@@ -62,4 +70,5 @@ services:
 
 volumes:
   mysql-data: # Renamed volume for clarity (optional but good practice)
-  qdrant-data:
\ No newline at end of file
+  qdrant-data:
+  rust-storage:
\ No newline at end of file
diff --git a/rust-engine/Dockerfile b/rust-engine/Dockerfile
index d1cfdd9..56e962d 100644
--- a/rust-engine/Dockerfile
+++ b/rust-engine/Dockerfile
@@ -72,10 +72,18 @@ RUN useradd --system --uid 10001 --no-create-home --shell /usr/sbin/nologin appu
 # Copy the compiled binary from the builder stage
 
 COPY --from=builder /usr/src/app/target/release/rust-engine /usr/local/bin/rust-engine
+
+# Create writable storage and logs directories for appuser
 RUN chown appuser:appuser /usr/local/bin/rust-engine \
-    && mkdir -p /var/log \
+    && mkdir -p /var/log /app/storage /app/demo-data \
     && touch /var/log/astra-errors.log \
-    && chown appuser:appuser /var/log/astra-errors.log
+    && chown -R appuser:appuser /var/log /app
+
+# Set working directory to a writable location
+WORKDIR /app
+
+# Switch to non-root user
+USER appuser
 
 EXPOSE 8000
 # Redirect all output to /var/log/astra-errors.log for easy monitoring
diff --git a/rust-engine/src/storage.rs b/rust-engine/src/storage.rs
index 95d6415..08f4ad0 100644
--- a/rust-engine/src/storage.rs
+++ b/rust-engine/src/storage.rs
@@ -6,7 +6,7 @@ use std::path::{Path, PathBuf};
 pub fn storage_dir() -> PathBuf {
     std::env::var("ASTRA_STORAGE")
         .map(PathBuf::from)
-        .unwrap_or_else(|_| std::env::current_dir().unwrap().join("storage"))
+        .unwrap_or_else(|_| PathBuf::from("/app/storage"))
 }
 
 pub fn ensure_storage_dir() -> Result<()> {