# Lean, uv-based Dockerfile for the Ockham Code Executor
FROM python:3.12.8-slim-bookworm

# Install system dependencies for rendering (fonts are essential for vl-convert)
RUN apt-get update && apt-get install -y --no-install-recommends \
    libfontconfig1 \
    fonts-liberation \
    fonts-dejavu-core \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Ensure the shared cache directory exists and has correct permissions
RUN mkdir -p /cache/sessions

COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

# Copy workspace config + packages for uv to resolve
COPY pyproject.toml uv.lock ./
COPY ockham/ ./ockham/
COPY server/ ./server/
COPY sandbox/ ./sandbox/

# Install all deps via workspace
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --frozen --no-dev

ENV PATH="/app/.venv/bin:$PATH" \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=0 \
    PYTHONOPTIMIZE=1

EXPOSE 8001

# Compile Python bytecode for faster cold starts
RUN python -m compileall -q -o 1 sandbox/

# Run the sandbox executor
CMD ["uvicorn", "sandbox.executor:app", "--host", "0.0.0.0", "--port", "8001", "--no-access-log", "--loop", "uvloop", "--http", "httptools"]
