Done readme

Dockerfile

@@ -6,6 +6,7 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
     HF_HOME=/app/.cache/huggingface \
     TRANSFORMERS_CACHE=/app/.cache/huggingface \
     XDG_CACHE_HOME=/app/.cache
+ENV HOME=/root
 
 # Install small set of system dependencies that are commonly required
 RUN apt-get update && apt-get install -y --no-install-recommends \
@@ -27,16 +28,11 @@ WORKDIR /app
 # Create cache directory and make it writable
 RUN mkdir -p /app/.cache/huggingface && chmod -R 777 /app/.cache
 
-# Create a non-root user and ensure ownership
-RUN addgroup --system app && adduser --system --ingroup app app && chown -R app:app /app
-
-# Copy requirements first to leverage Docker layer caching and set ownership
-COPY --chown=app:app requirements.txt /app/requirements.txt
 
-# Switch to non-root user
-USER app
+# Copy requirements first to leverage Docker layer caching
+COPY requirements.txt /app/requirements.txt
 
-# Upgrade pip and install python dependencies
+# Upgrade pip and install python dependencies as root so pip can write to system site-packages
 RUN pip install --upgrade pip setuptools wheel && \
     # Install CPU versions of torch & torchvision from the official PyTorch CPU wheels index
     pip install --no-cache-dir --index-url https://download.pytorch.org/whl/cpu torch torchvision && \
@@ -46,8 +42,10 @@ RUN pip install --upgrade pip setuptools wheel && \
 # Pre-download the model during build to avoid runtime downloads
 RUN python -c "from transformers import pipeline; pipeline('zero-shot-classification', model='MoritzLaurer/DeBERTa-v3-base-mnli-fever-anli', device=-1)"
 
-# Copy the rest of the application code
+# Create a non-root user and ensure ownership, then copy app files as that user
+RUN addgroup --system app && adduser --system --ingroup app app && chown -R app:app /app
 COPY --chown=app:app . /app
+USER app
 
 # Expose the port that uvicorn will listen on (Spaces default is 7860)
 EXPOSE 7860