Dockerfile

# ============================================================
# LANDRUN SANDBOX - Kernel-level Linux Security
# Multi-stage build: Build landrun + Run FastAPI app
# ============================================================

# Stage 1: Build landrun binary from Go source
FROM golang:1.22-bookworm AS builder

WORKDIR /build

# Copy landrun source with proper structure
COPY landrun-main/ ./

# Build landrun with full module context
RUN go mod download && \
    go build -ldflags="-s -w" -o landrun ./cmd/landrun

# Stage 2: Production image with Python + landrun
FROM python:3.11-slim-bookworm

# Install system dependencies
RUN apt-get update && apt-get install -y \
    nodejs \
    npm \
    curl \
    procps \
    strace \
    && rm -rf /var/lib/apt/lists/*

# Copy landrun binary from builder
COPY --from=builder /build/landrun /usr/local/bin/landrun

# Verify landrun works
RUN landrun --version

# Set working directory
WORKDIR /app

# Copy Python requirements
COPY requirements.txt .

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY app.py .

# Create execution directory
RUN mkdir -p /tmp/sandbox && chmod 777 /tmp/sandbox

# Expose port for Hugging Face Spaces
EXPOSE 7860

# Set environment variables
ENV PYTHONUNBUFFERED=1
ENV HOST=0.0.0.0
ENV PORT=7860

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:7860/health || exit 1

# Run FastAPI with uvicorn
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]