# ---- Build stage: produce the project wheel and install it into /opt/venv ----
# NOTE(review): python:3.12-slim is a floating tag, not a digest, so the base
# layer can change between builds. Pin it as python:3.12-slim@sha256:<DIGEST>
# (placeholder) if reproducible, auditable builds are required.
FROM python:3.12-slim AS builder

# The virtualenv does not depend on the sources, so create it first; this layer
# then stays cached when only project files change.
RUN python -m venv /opt/venv

WORKDIR /build

# Only the packaging metadata and the source tree enter the build context of
# this stage; nothing else from the repository is copied.
COPY pyproject.toml README.md ./
COPY src/ ./src/

# PATH has not been switched to the venv yet, so the `build` frontend lands in
# the stage's system interpreter and is never copied into the runtime image.
# NOTE(review): `build` is installed without a version pin, so the packaging
# tool itself is whatever the index serves at build time.
RUN pip install --no-cache-dir build \
    && python -m build --wheel --outdir /build/dist

# From here on `pip` and `python` resolve to the virtualenv.
ENV PATH="/opt/venv/bin:$PATH"

# Installs the wheel plus whatever dependencies its metadata declares.
# NOTE(review): no constraints file or --require-hashes is used here, so
# dependency versions are resolved fresh on every build — confirm this is
# acceptable for the supply-chain policy in force.
RUN pip install --no-cache-dir /build/dist/*.whl

# ---- Runtime stage: carries only the prebuilt virtualenv, no build tooling ----
# NOTE(review): python:3.12-slim is a floating tag; pin by digest
# (python:3.12-slim@sha256:<DIGEST>, placeholder) for reproducible images.
FROM python:3.12-slim

# Unprivileged system account and the only directories it is allowed to write.
# NOTE(review): no explicit UID/GID is requested, so the numeric id is chosen
# by the base image's allocation. Runtimes that verify non-root by numeric id
# (e.g. Kubernetes runAsNonRoot) need a fixed id and a numeric USER — confirm
# whether that applies to this deployment.
RUN groupadd --system app \
    && useradd --system --gid app --home-dir /home/app app \
    && mkdir -p /home/app /workspace /app/reports \
    && chown -R app:app /home/app /workspace /app

# No --chown here and the venv was built as root in the builder stage, so the
# installed code stays root-owned and the app user cannot modify it.
COPY --from=builder /opt/venv /opt/venv

ENV PATH="/opt/venv/bin:$PATH"
# Unbuffered stdout/stderr so output reaches the container log immediately.
ENV PYTHONUNBUFFERED=1

WORKDIR /app

# The probe only confirms that the package still imports from the venv; it
# does not exercise any running service.
HEALTHCHECK --interval=30s --timeout=5s \
    CMD ["python", "-c", "import ai_code_review_agent"]

# Drop root for everything that runs in the container.
USER app

# Exec form: the CLI is started directly, without a wrapping shell. CMD only
# supplies the default argument and is replaced by arguments to `docker run`.
ENTRYPOINT ["ai-review"]
CMD ["--help"]