FROM ghcr.io/astral-sh/uv:python3.14-bookworm-slim

# Create non-root user (HF Spaces convention: UID 1000)
RUN useradd -m -u 1000 user
USER user
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH \
    UV_LINK_MODE=copy

WORKDIR /home/user/app

# Install dependencies first for caching
COPY --chown=user:user pyproject.toml uv.lock ./
RUN uv sync --frozen --no-install-project --no-dev

# Copy source
COPY --chown=user:user . .

# Sync project (after copy, so package metadata is available)
RUN uv sync --frozen --no-dev

ENV PATH="/home/user/app/.venv/bin:$PATH"
ENV PORT=7860
EXPOSE 7860

CMD ["sh", "-c", "uvicorn server:app --host 0.0.0.0 --port ${PORT}"]