# SPDX-License-Identifier: LicenseRef-SZL-Proprietary
# © 2026 Lutar, Stephen P. — SZL Holdings · ORCID 0009-0001-0110-4173 · Doctrine v10
# amaru HF Docker Space — serves the amaru memory-cortex operator surface + the
# real 7-chakra runtime API at /api/amaru/* + the verbatim Replit reverse-ETL
# React SPA at /conduit/ (BASE_PATH=/conduit/, title "Amaru — The Andean Ouroboros").
#
# The root front-end is now the verbatim Replit React SPA (base=/). The /conduit/ surface is the pre-built React SPA (vite, base
# /conduit/) copied verbatim from the Replit artifact and served statically.
# ADDITIVE ONLY: no existing route, console, reasoner, or Rosie widget is touched.
# No Node build step is required at image build time — the SPA is shipped pre-built.
FROM python:3.12-slim AS backend

WORKDIR /app
COPY sidecar/ ./sidecar/
RUN pip install --no-cache-dir ./sidecar
# ADDITIVE (Yachay / Provenance Hardening): cryptography for DSSE+Cosign Khipu signing.
RUN pip install --no-cache-dir "cryptography>=42.0"

FROM python:3.12-slim

WORKDIR /app

COPY --from=backend /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
COPY --from=backend /usr/local/bin/uvicorn /usr/local/bin/uvicorn
COPY sidecar/src/amaru /app/amaru

# ADDITIVE (Doctrine v10/v11): agentic-RAG deps. CPU-only torch (no CUDA).
# Powers /api/amaru/v1/rag + /rag over SZLHOLDINGS/rag-corpus-v1 (BGE-base + FAISS).
RUN pip install --no-cache-dir --extra-index-url https://download.pytorch.org/whl/cpu \
    "faiss-cpu>=1.8.0" \
    "sentence-transformers>=3.0.0" \
    "torch>=2.2.0" \
    "huggingface_hub>=0.23.0"

# Root front-end: the VERBATIM Replit reverse-ETL React SPA (Vite base="/"),
# served at root / per founder directive + a11oy winning pattern. The full
# /api/amaru/* runtime, Wires, brain-jack, /upgrades, /rag are PRESERVED below.
RUN mkdir -p /app/static/assets
COPY static/index.html /app/static/index.html
COPY static/assets/ /app/static/assets/

# PRESERVED: legacy memory-cortex single page kept at /legacy for reference.
COPY web/index.html /app/static/legacy.html
COPY web/assets/ /app/static/web-assets/

# PRESERVED: the prior /conduit/ React SPA (base=/conduit/) left intact.
COPY conduit/ /app/static/conduit/

COPY serve.py /app/serve.py
# Anatomy substrate (ADDITIVE): canonical formulas + composer routes.
COPY szl_formulas.py /app/szl_formulas.py
COPY szl_anatomy_routes.py /app/szl_anatomy_routes.py

# ADDITIVE (Doctrine v10): shared per-app BRAIN + unified LLM router + mesh wires.
COPY szl_brain.py /app/szl_brain.py
# FIX (ADDITIVE): Wire-G module imported by serve.py but COPY was omitted -> ModuleNotFoundError at startup.
COPY szl_jack.py /app/szl_jack.py
# ADDITIVE (Doctrine v10/v11): shared agentic-RAG service (organ=cortex).
COPY szl_rag.py /app/szl_rag.py
COPY szl_wire.py /app/szl_wire.py
COPY szl_dsse.py /app/szl_dsse.py
COPY szl_provenance.py /app/szl_provenance.py


# ADDITIVE (Yachay / Live 3D Wires, PURIQ Doctrine v12): COPY the live-wires
# module + host page + scene core so `import szl_live_wires` resolves in-container.
# Without these the register() call in the server silently fails and /live-wires
# falls through to the SPA shell. ADDITIVE ONLY. Sign: Yachay.
COPY szl_live_wires.py /app/szl_live_wires.py
COPY live_wires.html /app/live_wires.html
COPY live_wires_3d.js /app/live_wires_3d.js

# ADDITIVE (Wire I): Rosie-companion module baked into the image. Yachay.
COPY szl_rosie_companion.py ./szl_rosie_companion.py
COPY serve.py ./serve.py
ENV PORT=7860
EXPOSE 7860

# a11oy.code (ADDITIVE, Doctrine v11 §14): math-corpus + code-proxy for amaru.
COPY szl_math_corpus.py ./szl_math_corpus.py
COPY szl_code_proxy.py ./szl_code_proxy.py

# ADDITIVE (UNAY + Khipu-LMDB v2, 2026-06-01, Yachay): real durable lmdb persistence
# + optional sqlite-vss vector recall (szl_unay degrades to honest cosine-fallback if
# the extension cannot load in the slim image). Never affects existing routes.
RUN pip install --no-cache-dir "lmdb>=1.4.0" "sqlite-vss>=0.1.2"
# ADDITIVE (UNAY + Khipu-LMDB v2, 2026-06-01, Yachay / Perplexity Computer Agent):
# explicit per-file COPY (this Dockerfile does not use `COPY . .`). serve.py imports
# szl_unay_routes and calls .register(app, ns="amaru") -> /api/amaru/v2/unay/* +
# /api/amaru/v2/khipu/lmdb/*. Real durable lmdb + real sqlite-vss honest fallback.
COPY szl_unay.py ./szl_unay.py
COPY szl_khipu_lmdb.py ./szl_khipu_lmdb.py
COPY szl_khipu_replicate.py ./szl_khipu_replicate.py
COPY szl_unay_routes.py ./szl_unay_routes.py
# ADDITIVE (Warhacker aliases, Yachay 2026-06-01): top-level /healthz + /khipu/* + /wires/D.
# Per-file COPY (no `COPY . .`) — without this `import szl_warhacker_aliases` fails.
COPY szl_warhacker_aliases.py ./szl_warhacker_aliases.py
# ADDITIVE (Agentic Codex Kernels, Doctrine v11 §15, Yachay 2026-06-01): vendor the
# self-contained kernel layer. serve.py imports szl_kernels_organ and calls
# .register(app, organ="amaru") -> 9 living kernels + /api/amaru/v3/kernels/* lifecycle API.
# Per-file COPY (this Dockerfile uses no `COPY . .`) — without it `import szl_kernels_organ` fails.
COPY szl_kernels_organ.py ./szl_kernels_organ.py
CMD ["python", "serve.py"]