# ---------- base (shared by dev & CI) ----------
FROM python:3.13-slim

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
    bash \
    curl \
    git \
    build-essential \
    nodejs \
    npm \
    && rm -rf /var/lib/apt/lists/*

# Use bash for later RUN commands so devcontainer feature scripts that rely on bash work correctly
SHELL ["/bin/bash", "-lc"]

# install uv to a system-wide path so it's accessible to all users
RUN curl -Ls https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh

# create non-root user
ARG USERNAME=appuser
ARG USER_UID=1000
ARG USER_GID=1000

RUN groupadd --gid $USER_GID $USERNAME \
    && useradd --shell /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME

WORKDIR /workspace

# dependency layer
COPY pyproject.toml uv.lock* ./

ENV UV_PROJECT_ENVIRONMENT=/workspace/.venv

RUN uv sync --frozen

RUN chown -R $USERNAME:$USERNAME /workspace

ENV PATH="/workspace/.venv/bin:$PATH"
ENV CLAUDE_CONFIG_DIR=/workspace/.claude

USER $USERNAME

CMD ["bash"]
