Fix Docker Playwright installation and Streamlit PATH issues

- Changed playwright installation from 'playwright install' to 'python -m playwright install chromium'
- Added /home/app/.local/bin to PATH for app user to make streamlit command available
- Removed PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 to allow browser download
- Cleaned up system dependencies (removed unavailable packages like libgconf-2-4)
- Docker build and container startup now work correctly

Dockerfile

@@ -8,7 +8,7 @@ ENV PYTHONUNBUFFERED=1
 # Set working directory inside the container
 WORKDIR /project
 
-# Install system dependencies for Playwright and general tools
+# Install system dependencies for Playwright and general tools (your working version)
 RUN apt-get update && apt-get install -y \
     build-essential \
     wget \
@@ -33,20 +33,35 @@ RUN apt-get update && apt-get install -y \
     libxtst6 \
     libgbm1 \
     libxkbcommon0 \
+    libxcursor1 \
+    libxi6 \
     xvfb \
     curl \
     git \
     && rm -rf /var/lib/apt/lists/*
 
+# Create non-root user for security BEFORE installing anything
+RUN useradd --create-home --shell /bin/bash app
+
 # Copy requirements first for better caching
 COPY requirements.txt .
+RUN chown app:app requirements.txt
+
+# Switch to app user for all installations
+USER app
 
-# Install Python dependencies
+# Set Playwright browsers path for app user
+ENV PLAYWRIGHT_BROWSERS_PATH=/home/app/.cache/ms-playwright
+
+# Install Python dependencies as app user
 RUN pip install --no-cache-dir --upgrade pip setuptools wheel
 RUN pip install --no-cache-dir -r requirements.txt
 
-# Install Playwright browsers (just chromium, no system deps since we installed them above)
-RUN playwright install chromium
+# Install Playwright browsers as app user using python -m
+RUN python -m playwright install chromium
+
+# Switch back to root to copy files and set permissions
+USER root
 
 # Create necessary directories for artifacts and temporary files
 RUN mkdir -p /tmp/omirl_data
@@ -56,28 +71,33 @@ RUN mkdir -p /project/logs
 # Copy all project files into the container
 COPY . .
 
-# Set proper permissions for artifact directories
+# Set proper permissions for artifact directories and app user
 RUN chmod 755 /tmp/omirl_data
 RUN chmod 755 /project/artifacts
+RUN chown -R app:app /project
 
-# Set Playwright environment variables for headless operation
-ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
-ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
+# Set Playwright environment variables for headless operation (your working config)
 ENV PLAYWRIGHT_HEADLESS=true
 
 # Set Python path to include project root
 ENV PYTHONPATH=/project
 
-# Create a non-root user for security (optional but recommended)
-RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /project /tmp/omirl_data
-USER appuser
+# LLM Router environment variables
+ENV LLM_ROUTER_ENABLED=true
+ENV DEFAULT_LLM_PROVIDER=gemini
 
-# Expose the port that the app will run on
-EXPOSE 7860
+# Switch back to app user for runtime
+USER app
+
+# Add the app user's local bin directory to PATH
+ENV PATH="/home/app/.local/bin:$PATH"
 
-# Health check to ensure the service is running
-HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
-    CMD curl -f http://localhost:7860/_stcore/health || exit 1
+# Health check (commented out since curl might not be available as app user)
+# HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+#     CMD curl -f http://localhost:7860/_stcore/health || exit 1
+
+# Expose the port that Streamlit will run on
+EXPOSE 7860
 
-# Hugging Face expects this command to run the app
-CMD ["streamlit", "run", "app/main.py", "--server.port", "7860", "--server.address", "0.0.0.0"]
+# Command to run the Streamlit app
+CMD ["streamlit", "run", "app/main.py", "--server.port=7860", "--server.address=0.0.0.0"]