FROM node:22-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
        git \
        ca-certificates \
        ripgrep \
        curl \
        less \
        unzip \
        build-essential \
        openjdk-17-jdk-headless \
    && rm -rf /var/lib/apt/lists/*

RUN npm install -g @anthropic-ai/claude-code

COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /usr/local/bin/

# Rust (stable, minimal profile + clippy/rustfmt). Installed system-wide under
# /usr/local so the non-root `node` user can use it; the tree is world-writable
# so cargo can populate its registry cache under $CARGO_HOME at build time.
ENV RUSTUP_HOME=/usr/local/rustup \
    CARGO_HOME=/usr/local/cargo \
    PATH=/usr/local/cargo/bin:$PATH
RUN curl -fsSL https://sh.rustup.rs \
        | sh -s -- -y --default-toolchain stable --profile minimal --no-modify-path \
    && rustup component add clippy rustfmt \
    && chmod -R a+rw "$RUSTUP_HOME" "$CARGO_HOME"

# Android SDK (cmdline-tools + platform-tools + API 34 + build-tools 34). Only
# the x86_64 cmdline-tools zip is published by Google, so this image is
# effectively amd64-only for Android work. Kotlin itself is pulled by Gradle
# via the project's ./gradlew wrapper, so no separate install is needed.
ENV ANDROID_HOME=/opt/android-sdk \
    JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64 \
    PATH=$PATH:/opt/android-sdk/cmdline-tools/latest/bin:/opt/android-sdk/platform-tools
RUN mkdir -p "$ANDROID_HOME/cmdline-tools" \
    && curl -fsSL -o /tmp/cmdline-tools.zip \
        https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip \
    && unzip -q /tmp/cmdline-tools.zip -d "$ANDROID_HOME/cmdline-tools" \
    && mv "$ANDROID_HOME/cmdline-tools/cmdline-tools" "$ANDROID_HOME/cmdline-tools/latest" \
    && rm /tmp/cmdline-tools.zip \
    && yes | sdkmanager --licenses >/dev/null \
    && sdkmanager \
        "platform-tools" \
        "platforms;android-34" \
        "build-tools;34.0.0" \
    && chmod -R a+rw "$ANDROID_HOME"

# node:22-slim already ships a `node` user at uid 1000, reuse it.
USER node
# Ensure the auth dir exists with the right ownership so `trusted-agent` can
# bind-mount a projected .credentials.json at /home/node/.claude/.
RUN mkdir -p /home/node/.claude
WORKDIR /workspace

ENTRYPOINT []
CMD ["claude"]
