| FROM python:3.11-slim-bookworm | |
| ENV PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 \ | |
| PIP_NO_CACHE_DIR=1 \ | |
| PORT=7860 \ | |
| HOST=0.0.0.0 | |
| # A practical developer shell environment for the owner-only agent. | |
| # proot lets the shell see the session workspace as visible / without running the app as root. | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| bash \ | |
| build-essential \ | |
| ca-certificates \ | |
| curl \ | |
| fd-find \ | |
| git \ | |
| jq \ | |
| less \ | |
| nano \ | |
| nodejs \ | |
| npm \ | |
| procps \ | |
| proot \ | |
| ripgrep \ | |
| tree \ | |
| unzip \ | |
| vim-tiny \ | |
| wget \ | |
| zip \ | |
| && rm -rf /var/lib/apt/lists/* | |
| RUN useradd -m -u 1000 -s /bin/bash user \ | |
| && mkdir -p /app /data/sessions \ | |
| && chown -R user:user /app /data | |
| WORKDIR /app | |
| COPY --chown=user:user requirements.txt ./ | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| COPY --chown=user:user app ./app | |
| COPY --chown=user:user README.md ./README.md | |
| USER user | |
| EXPOSE 7860 | |
| CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860", "--proxy-headers"] | |