ARG III_VERSION=0.11.2

# Pull the official iii engine binary
FROM iiidev/iii:${III_VERSION} AS iii-image

FROM node:22-slim

ARG AGENTMEMORY_VERSION=0.9.21
ARG III_VERSION=0.11.2
ARG III_SDK_VERSION=0.11.2

# Install Caddy + runtime deps
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
       debian-keyring debian-archive-keyring apt-transport-https \
       curl gnupg openssl ca-certificates tini gosu python3 python3-pip \
    && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
       | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg \
    && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
       | tee /etc/apt/sources.list.d/caddy-stable.list \
    && apt-get update && apt-get install -y caddy \
    && pip3 install --break-system-packages huggingface_hub \
    && rm -rf /var/lib/apt/lists/*

# Copy iii binary from official image (avoids re-downloading on every boot)
COPY --from=iii-image /app/iii /usr/local/bin/iii

# Set up HF Spaces user (uid 1000 required)
RUN userdel -r node 2>/dev/null || true \
    && useradd -m -u 1000 user

# Install agentmemory with pinned iii-sdk to match engine version
WORKDIR /opt/agentmemory
RUN printf '{"name":"agentmemory-deploy","version":"1.0.0","private":true,"overrides":{"iii-sdk":"%s"}}\n' \
      "${III_SDK_VERSION}" > package.json \
    && npm install "@agentmemory/agentmemory@${AGENTMEMORY_VERSION}" \
       --omit=optional --no-fund --no-audit \
    && ln -s /opt/agentmemory/node_modules/.bin/agentmemory /usr/local/bin/agentmemory

# Override iii-config.yaml at build time:
# - bind 0.0.0.0 (not 127.0.0.1) so Caddy can reach it
# - use absolute /home/user/.agentmemory paths so data lands in our sync dir
RUN cat > /opt/agentmemory/node_modules/@agentmemory/agentmemory/dist/iii-config.yaml <<'EOF'
workers:
  - name: iii-http
    config:
      port: 3111
      host: 0.0.0.0
      default_timeout: 180000
      cors:
        allowed_origins:
          - "http://localhost:3111"
          - "http://localhost:3113"
          - "http://127.0.0.1:3111"
          - "http://127.0.0.1:3113"
        allowed_methods: [GET, POST, PUT, DELETE, OPTIONS]
  - name: iii-state
    config:
      adapter:
        name: kv
        config:
          store_method: file_based
          file_path: /home/user/.agentmemory/state_store.db
  - name: iii-queue
    config:
      adapter:
        name: builtin
  - name: iii-pubsub
    config:
      adapter:
        name: local
  - name: iii-cron
    config:
      adapter:
        name: kv
  - name: iii-stream
    config:
      port: 3112
      host: 0.0.0.0
      adapter:
        name: kv
        config:
          store_method: file_based
          file_path: /home/user/.agentmemory/stream_store
  - name: iii-observability
    config:
      enabled: true
      service_name: agentmemory
      exporter: memory
      sampling_ratio: 1.0
      metrics_enabled: true
      logs_enabled: true
      logs_console_output: true
EOF

# Give user 1000 ownership of everything it needs to write at runtime
RUN chown -R user:user /opt/agentmemory /home/user

ENV TINI_SUBREAPER=1 \
    HOME=/home/user

WORKDIR /app
RUN chown user:user /app

USER user

COPY --chown=user:user Caddyfile /app/Caddyfile
COPY --chown=user:user start.sh /app/start.sh
COPY --chown=user:user sync.py /app/sync.py
RUN chmod +x /app/start.sh

EXPOSE 7860

ENTRYPOINT ["/usr/bin/tini", "--", "/app/start.sh"]