# ShadowCat Docker Image
# AI-powered autonomous web security scanner

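# Base image is pinned by tag only, so the bytes behind ubuntu:24.04 can change
# between builds. NOTE(review): for reproducible, auditable builds append the
# reviewed image digest (ubuntu:24.04@sha256:<DIGEST>).
FROM ubuntu:24.04

LABEL description="ShadowCat - AI-Powered Autonomous Web Security Scanner" \
      version="2.0.0"

# Prevent interactive prompts during build.
# Declared as ARG rather than ENV: every RUN in this stage still sees it, but it
# is not baked into the environment of running containers.
ARG DEBIAN_FRONTEND=noninteractive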

# System packages, installed in one layer so `apt-get install` resolves against
# the index fetched by the `apt-get update` in the same layer.
#
#   build / apt plumbing : build-essential ca-certificates gnupg software-properties-common
#   python               : python3.12 python3-dev python3-pip python3-venv
#   security tooling     : curl git netcat-openbsd nmap sudo wget
#   network utilities    : dnsutils net-tools whois
#   vpn (authorized use) : openvpn
#   text processing      : jq ripgrep
#   terminal             : tmux
#
# NOTE(review): `apt-get upgrade -y` makes the image contents depend on the
# build date; bumping the base image tag/digest is the reproducible alternative.
# NOTE(review): recommended packages are not suppressed here, so more than the
# listed set is installed. Confirm nothing relies on them before adding
# --no-install-recommends.
RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y \
        build-essential \
        ca-certificates \
        curl \
        dnsutils \
        git \
        gnupg \
        jq \
        net-tools \
        netcat-openbsd \
        nmap \
        openvpn \
        python3-dev \
        python3-pip \
        python3-venv \
        python3.12 \
        ripgrep \
        software-properties-common \
        sudo \
        tmux \
        wget \
        whois \
 && apt-get autoremove -y \
 && apt-get autoclean \
 && rm -rf /var/lib/apt/lists/*

# Allow pip to install into the system interpreter: delete the PEP 668
# EXTERNALLY-MANAGED marker, then remove the distro python3-cryptography
# package and whatever becomes unused as a result.
# NOTE(review): presumably the apt-managed cryptography package would clash with
# the copy pulled in through pip/uv. Confirm this is still needed.
# NOTE(review): with the marker gone, any later root `pip install` can overwrite
# apt-managed Python modules; the project dependencies themselves are installed
# by `uv sync` further down.
RUN set -e; \
    rm -f /usr/lib/python3.*/EXTERNALLY-MANAGED; \
    apt-get remove -y python3-cryptography; \
    apt-get autoremove -y

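# Node.js 20 + Claude Code CLI — required by claude-agent-sdk (OAuth auth mode)
#
# The NodeSource setup script is written to disk before it is executed instead
# of being piped into bash. A failed or truncated download then fails the build
# at the curl step, and the file can be checked before it runs as root.
# NOTE(review): the script is still trusted as fetched; to gate it, compare its
# sha256 against a reviewed value (<EXPECTED_SHA256>) before the bash step.
#
# CLAUDE_CODE_VERSION defaults to the `latest` dist-tag, which is what an
# unversioned `npm install -g` resolves to. Pass
# --build-arg CLAUDE_CODE_VERSION=<x.y.z> to pin a reviewed release.
ARG CLAUDE_CODE_VERSION=latest
RUN curl -fsSL https://deb.nodesource.com/setup_20.x -o /tmp/nodesource_setup.sh && \
    bash /tmp/nodesource_setup.sh && \
    rm -f /tmp/nodesource_setup.sh && \
    apt-get install -y nodejs && \
    npm install -g "@anthropic-ai/claude-code@${CLAUDE_CODE_VERSION}" && \
    npm cache clean --force && \
    apt-get clean && rm -rf /var/lib/apt/lists/*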

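# Install uv for fast Python dependency management.
# UV_VERSION is empty by default, which installs whatever release is current at
# build time (the original behaviour). Pass --build-arg UV_VERSION=<x.y.z> to
# pin a reviewed release. --no-cache-dir keeps pip's download cache out of the
# image layer.
ARG UV_VERSION=
RUN pip install --no-cache-dir "uv${UV_VERSION:+==${UV_VERSION}}"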

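# Create the runtime account.
# NOTE(review): shadowcat is non-root by UID only. The NOPASSWD:ALL rule below
# lets any process running as this user become root without a password, so the
# later `USER shadowcat` does not act as a privilege boundary. If the entrypoint
# only needs specific privileged commands (not visible from this file), scope
# the rule to those binaries instead of ALL.
#
# The rule goes in a drop-in under /etc/sudoers.d (mode 0440) and is
# syntax-checked with visudo, so a malformed line fails the build instead of
# corrupting /etc/sudoers.
RUN useradd -m -s /bin/bash shadowcat && \
    usermod -aG sudo shadowcat && \
    echo "shadowcat ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/shadowcat && \
    chmod 0440 /etc/sudoers.d/shadowcat && \
    visudo -cf /etc/sudoers.d/shadowcat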

# Directories the runtime user owns:
#   /workspace               default working directory of the container
#   /app                     project code
#   /home/shadowcat/.claude  created owner-only (0700)
# NOTE(review): the .claude directory presumably holds Claude Code auth state.
# Keep it out of image layers and supply it at run time.
RUN mkdir -p /workspace /app && \
    install -d -m 0700 -o shadowcat -g shadowcat /home/shadowcat/.claude && \
    chown -R shadowcat:shadowcat /workspace /app

# Project root inside the image; relative COPY destinations below resolve here.
WORKDIR /app
USER shadowcat

# Project files, all owned by the runtime user. Dependency manifests come first
# so the layers that follow are only invalidated when the sources change.
# NOTE(review): agent/ and backend/ are copied wholesale. Make sure
# .dockerignore excludes local credentials, .env files and VCS metadata.
COPY --chown=shadowcat:shadowcat pyproject.toml uv.lock README.md ./
COPY --chown=shadowcat:shadowcat agent/ ./agent/
COPY --chown=shadowcat:shadowcat backend/ ./backend/
COPY --chown=shadowcat:shadowcat scripts/entrypoint.sh /home/shadowcat/entrypoint.sh

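# Install Python dependencies via uv (frozen = reproducible: uv.lock is used
# as-is and not re-resolved). Runs in /app, the WORKDIR set above.
# --no-cache stops uv from leaving its download/build cache in this layer.
# NOTE(review): this step runs as root, so whatever uv creates under /app is
# root-owned while the rest of /app belongs to shadowcat. Confirm that is
# intended. /app and entrypoint.sh are already owned by shadowcat, so neither
# command appears to need root.
USER root
RUN uv sync --frozen --no-dev --no-cache && \
    chmod +x /home/shadowcat/entrypoint.sh

# Switch back to shadowcat user for runtime
USER shadowcat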

# Runtime environment: make /app importable and keep Python output unbuffered
# so it reaches the container log stream immediately.
ENV PYTHONPATH=/app \
    PYTHONUNBUFFERED=1

# Containers start in /workspace.
WORKDIR /workspace

# The entrypoint script handles auth setup, then receives CMD as its arguments.
# NOTE(review): entrypoint.sh is not visible here. It should end with
# `exec "$@"` so the command below replaces the shell and receives signals.
ENTRYPOINT ["/home/shadowcat/entrypoint.sh"]

# Default command: an interactive bash shell.
CMD ["/bin/bash"]
