FROM python:3.12-slim

# System tools the orchestrator shells out to
RUN apt-get update && apt-get install -y --no-install-recommends \
      git curl ca-certificates bash \
    && rm -rf /var/lib/apt/lists/*

# Trust the homelab mkcert CA so git/curl inside the container can reach
# git.homelab.local without cert errors. The CA is copied in at build time.
COPY rootCA.pem /usr/local/share/ca-certificates/homelab-rootCA.crt
RUN update-ca-certificates

# Install Claude Code CLI (the wrapper used by llm.run_claude and
# _run_claude_in_worktree). The official install.sh is unreliable in
# containers — install via npm directly.
RUN apt-get update && apt-get install -y --no-install-recommends npm \
    && rm -rf /var/lib/apt/lists/*
RUN npm install -g @anthropic-ai/claude-code@latest --silent 2>&1 | tail -5 \
    && claude --version | head -1

# Install ollama (the local LLM client used by llm.ollama_generate AND the
# launcher for `ollama launch claude -- --bare --print`). The install.sh
# script in this image is broken (it tries to install systemd services
# which don't apply in a container), so we copy the host's working binary
# at build time. Mount context: see docker-compose `build.context`.
COPY --chown=root:root ./bin/ollama /usr/local/bin/ollama
RUN chmod +x /usr/local/bin/ollama && /usr/local/bin/ollama --version | head -1

# Bundle the BMAD skills + the LLM-wiki skill + the orchestrator's own
# project-archive code at /opt/damascus/.
COPY bmad/   /opt/damascus/bmad/
COPY llm-wiki/ /opt/damascus/llm-wiki/
COPY skills/  /opt/damascus/skills/
COPY schema.sql /opt/damascus/schema.sql

WORKDIR /app
COPY pyproject.toml ./
COPY src/ ./src/
RUN pip install --no-cache-dir .

# Persistent data + workspace
RUN mkdir -p /data/logs /data/specs /data/status /workspace/projects /workspace/worktrees \
              /opt/damascus/ui

ENV PYTHONUNBUFFERED=1 \
    DAMASCUS_DATA_DIR=/data \
    DAMASCUS_WORKSPACE_DIR=/workspace

EXPOSE 9100
# Taskiq worker is the automatic trigger (design doc §13). `--concurrency N`
# is the global concurrency cap (§10); set via compose. The scheduler runs
# as a separate compose service. `damascus cycle` is the manual one-shot.
CMD ["taskiq", "worker", "damascus.tasks:broker"]
