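# Image for the Node app started by `node server.js` on port 7860.
# Build steps that need root run first; the runtime user is UID 1000 (non-root),
# which is what the HF runtime uses.
#
# NOTE(review): node:20-slim is a mutable tag. For reproducible builds pin it by
# digest: node:20-slim@sha256:<digest-of-the-image-you-verified>.
FROM node:20-slim

# Root is needed only for the OS package, Bun and directory setup below.
USER root

# 1) OS tools (groups A + B + C), sorted alphabetically for easier diffs.
#    The apt lists are removed in the same layer so they do not persist in the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      ca-certificates \
      curl \
      file \
      git \
      jq \
      less \
      openssh-client \
      procps \
      python3 \
      python3-pip \
      python3-venv \
      ripgrep \
      unzip \
      xz-utils \
      zip \
    && rm -rf /var/lib/apt/lists/*

# 2) Install Bun (for OpenCode plugins: OpenCode runs bun install at startup).
#    Installed to /usr/local/bun and exposed on PATH.
#
#    The installer is saved to a file and then executed, not piped into bash:
#    with `curl | bash` under the default /bin/sh (no pipefail) a failed or
#    truncated download is not reported as an error by the pipeline, and a
#    partially received script can still be executed. With `&&` the build stops
#    as soon as the download fails.
#
#    NOTE(review): the script is still fetched unpinned and without an integrity
#    check, and it runs as root during the build. Pin a Bun release (the upstream
#    installer accepts a release tag argument, e.g. bun-v<version>; confirm against
#    its docs) and verify a checksum of what was downloaded.
ENV BUN_INSTALL=/usr/local/bun
RUN mkdir -p "${BUN_INSTALL}" && \
    curl -fsSL https://bun.com/install -o /tmp/bun-install.sh && \
    bash /tmp/bun-install.sh && \
    rm -f /tmp/bun-install.sh && \
    ln -sf "${BUN_INSTALL}/bin/bun" /usr/local/bin/bun && \
    bun --version

# 3) Prepare directories and hand /home/node to UID 1000 so the runtime user
#    can write to them.
RUN mkdir -p \
      /home/node/app \
      /home/node/workspace \
      /home/node/chat \
      /home/node/temp \
      /home/node/project \
      /home/node/.config/opencode && \
    chown -R 1000:1000 /home/node

WORKDIR /home/node/app

# Switch to non-root (UID 1000); every step from here on runs unprivileged.
USER 1000
ENV HOME=/home/node
ENV NODE_ENV=production

# Make the local node bin always available (fixes "opencode not found" in spawned processes).
ENV PATH="/home/node/app/node_modules/.bin:${BUN_INSTALL}/bin:${PATH}"

# 4) Install Node deps as non-root. Only the manifests are copied first so this
#    layer stays cached until package*.json changes.
#    NOTE(review): if a package-lock.json is committed, `npm ci` would install
#    exactly the locked versions; `npm install` may resolve newer ones.
COPY --chown=1000:1000 package*.json ./
RUN npm install --loglevel=error --no-audit --no-fund --prefer-offline

# 5) Copy app code.
#    NOTE(review): this copies the whole build context. Confirm a .dockerignore
#    excludes .git, .env files, keys and local node_modules so they do not end
#    up in an image layer.
COPY --chown=1000:1000 . .

# 6) Install the global OpenCode config at the official global path:
#    ~/.config/opencode/opencode.json (JSONC is supported by OpenCode).
RUN cp -f /home/node/app/opencode.jsonc /home/node/.config/opencode/opencode.json

# Documentation only: the server listens on 7860.
EXPOSE 7860

CMD ["node", "server.js"]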