FROM python:3.11-slim-bookworm

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    PORT=7860 \
    HOST=0.0.0.0

# A practical developer shell environment for the owner-only agent.
# proot lets the shell see the session workspace as visible / without running the app as root.
RUN apt-get update && apt-get install -y --no-install-recommends \
    bash \
    build-essential \
    ca-certificates \
    curl \
    fd-find \
    git \
    jq \
    less \
    nano \
    nodejs \
    npm \
    procps \
    proot \
    ripgrep \
    tree \
    unzip \
    vim-tiny \
    wget \
    zip \
  && rm -rf /var/lib/apt/lists/*

RUN useradd -m -u 1000 -s /bin/bash user \
  && mkdir -p /app /data/sessions \
  && chown -R user:user /app /data

WORKDIR /app
COPY --chown=user:user requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
COPY --chown=user:user app ./app
COPY --chown=user:user README.md ./README.md

USER user
EXPOSE 7860

CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860", "--proxy-headers"]