FROM python:3.11-slim

# Create non-root user for security
RUN useradd -m -u 1000 user
USER user
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

WORKDIR $HOME/app

# Install system dependencies as root, then switch back to user
USER root
RUN apt-get update && apt-get install -y \
    gcc \
    g++ \
    && rm -rf /var/lib/apt/lists/*
USER user

# Copy requirements and install Python dependencies
COPY --chown=user requirements.txt .
RUN pip install --user --no-cache-dir -r requirements.txt

# Copy application code
COPY --chown=user . .

# Create necessary directories with proper permissions
RUN mkdir -p $HOME/app/.files $HOME/app/.chainlit

# Expose port for Hugging Face Spaces
EXPOSE 7860

# Set environment variables for Chainlit
ENV CHAINLIT_HOST=0.0.0.0
ENV CHAINLIT_PORT=7860

# Run the application
CMD ["chainlit", "run", "app.py", "--host", "0.0.0.0", "--port", "7860"]