FROM python:3.12-slim

WORKDIR /app

# Install system deps for bcrypt
RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc libffi-dev && \
    rm -rf /var/lib/apt/lists/*

# Install dependencies first (cache layer)
COPY pyproject.toml README.md ./
COPY src/ src/
RUN pip install --no-cache-dir . && \
    pip install --no-cache-dir gunicorn

# Create data directory for SQLite fallback
RUN mkdir -p /app/data

ENV CODETRUST_DB_PATH=/app/data/codetrust.db
ENV CODETRUST_HOST=0.0.0.0
ENV CODETRUST_PORT=8080
ENV CODETRUST_ENV=production

EXPOSE 8080

# Enterprise app with auth, RBAC, org management, metered scans
CMD ["gunicorn", "aicodetrustcore.enterprise_app:app", \
     "-k", "uvicorn.workers.UvicornWorker", \
     "-b", "0.0.0.0:8080", \
     "--workers", "2", \
     "--timeout", "120", \
     "--access-logfile", "-"]
