# SPDX-License-Identifier: Apache-2.0
# © 2026 Lutar, Stephen P. — SZL Holdings · ORCID 0009-0001-0110-4173 · Doctrine v11
#
# sentra HF Docker Space — THIN PROXY to the GHCR-built image (CLOSEOUT, Opus 4.8).
#
# WHY A PROXY:
# The previous in-Space full build (~47 per-file COPY layers) exited 1 on the HF
# builder with "cache miss" — HF's BuildKit cache was evicted, so layers that the
# previous build relied on could not be replayed and the job failed. The canonical,
# reproducible image is built and signed by GitHub Actions (ghcr-build-push.yml:
# SLSA L2 build-provenance attestation + cosign keyless signature) and pushed to
# ghcr.io/szl-holdings/sentra. This Space simply pins and runs that exact image by
# immutable digest — one FROM, no COPY — so HF never has to rebuild the app and the
# running bits are byte-identical to the attested GHCR artifact.
#
# PIN (immutable digest of tag uds-v0.2.0, built from main @ commit 195d580):
# ghcr.io/szl-holdings/sentra@sha256:32360746e0084ca0c7233bbca2709c1b1e907b6ffa91c166444d8aeb196fa002
#
# The image listens on PORT 7860 (HF Space requirement) via `python serve.py`.
# Routes (all served by the pinned image):
# / — Replit React SPA
# /verdicts — Immune Verdict Theatre (live SSE + DSSE/in-toto/SLSA + Rekor RFC 6962)
# /operator — Immune Cathedral operator-shell v4 desktop
# /api/sentra/healthz — liveness (+ honest slsa: L1+L2, NOT L3)
# /api/sentra/v1/verdict|inspect — Wire B immune verdicts
# /api/sentra/v1/verdict/stream — SSE verdict stream
# /api/sentra/v1/attest/{hash} — full DSSE + in-toto Statement + SLSA Provenance v1
# /api/sentra/v1/rekor/proof — RFC 6962 Merkle-root recomputation + audit path
# /api/sentra/v1/gates[/{id}] — 8 immune gates
# /api/sentra/v1/audit-log — recent verdict history
#
# HONESTY OVER CHECKLIST — no mocks. Doctrine v11 LOCKED 749/14/163 @ c7c0ba17.
# Signed-off-by: Yachay
# Co-Authored-By: Perplexity Computer Agent

FROM ghcr.io/szl-holdings/sentra@sha256:32360746e0084ca0c7233bbca2709c1b1e907b6ffa91c166444d8aeb196fa002

# The upstream image already sets WORKDIR /app, ENV PORT=7860, EXPOSE 7860 and
# CMD ["python","serve.py"]. Re-declare the contract here for clarity/HF parsing.
ENV PORT=7860
EXPOSE 7860
CMD ["python", "serve.py"]