| # Hugging Face Spaces Docker β Sentinel Backend API | |
| # HF Spaces requires the app to listen on port 7860. | |
| # | |
| # Required Secrets (set in Space Settings -> Repository secrets): | |
| # REDIS_URL β Upstash Redis URL (rediss://...) | |
| # HF_API_KEY β Hugging Face API token | |
| # GROQ_API_KEY β Groq API key | |
| # CORS_ORIGINS β Comma-separated allowed origins (your Vercel URL) | |
| # QDRANT_URL / QDRANT_API_KEY β Optional, for vector clustering signal | |
| # SENTRY_DSN β Optional error tracking | |
| FROM python:3.12-slim | |
| WORKDIR /app | |
| # System dependencies | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| build-essential curl && \ | |
| rm -rf /var/lib/apt/lists/* | |
| # Python dependencies | |
| COPY backend/requirements.txt . | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Application code | |
| COPY backend/ ./backend/ | |
| # Non-root user (HF Spaces security best practice) | |
| RUN useradd -m appuser && chown -R appuser:appuser /app | |
| USER appuser | |
| # HF Spaces requires port 7860 | |
| EXPOSE 7860 | |
| HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ | |
| CMD curl -f http://localhost:7860/health || exit 1 | |
| CMD ["uvicorn", "backend.app.main:app", "--host", "0.0.0.0", "--port", "7860"] | |