FROM python:3.11-slim

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Cache the cross-encoder model at build time so there is no download on cold start
ENV SENTENCE_TRANSFORMERS_HOME=/app/.st_cache
RUN python -c "from sentence_transformers import CrossEncoder; CrossEncoder('cross-encoder/ms-marco-MiniLM-L-6-v2')"

COPY . .

# HF Spaces requires a non-root user (uid 1000)
RUN adduser --disabled-password --gecos '' --uid 1000 user \
    && chown -R user:user /app
USER user

# HF Spaces Docker containers must listen on port 7860
EXPOSE 7860

CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "1", "--timeout", "120", "--preload", "wsgi:app"]