# NeuroAgentTest (NAT) — Multi-Agent Neural Network Framework
# Copyright (C) 2026 NAT Contributors
# AGPL-3.0-or-later — see LICENSE for details
# For commercial licensing: licensing@nat-testing.io

# ---------------------------------------------------------------------------
# Stage 1: Build — install dependencies and build the wheel
# ---------------------------------------------------------------------------
# NOTE(review): the base is referenced by tag only, and a tag can be re-pointed
# upstream. For reproducible builds pin it by digest, e.g.
# python:3.11-slim-bookworm@sha256:<digest-placeholder>.
FROM python:3.11-slim-bookworm AS builder

# All build work happens in /build; the runtime stage later copies the wheel
# out of /build/dist.
WORKDIR /build

# The git metadata is not copied into this stage, so the package version is
# supplied from outside through --build-arg and handed to setuptools-scm via
# the environment. Without the build arg the wheel is versioned 0.0.0+unknown.
ARG SETUPTOOLS_SCM_PRETEND_VERSION=0.0.0+unknown
ENV SETUPTOOLS_SCM_PRETEND_VERSION=${SETUPTOOLS_SCM_PRETEND_VERSION}

# Build backend and front-end tooling; keep this list in step with
# [build-system].requires in pyproject.toml, because the build below runs
# without isolation and uses exactly what is installed here.
# NOTE(review): only `build` is pinned to an exact release. setuptools, wheel
# and setuptools-scm are resolved from the package index at build time, so two
# builds of the same commit can use different tool versions.
RUN pip install --no-cache-dir \
        build==1.2.2 \
        "setuptools>=68" \
        "setuptools-scm>=8" \
        wheel

# Bring in just the packaging metadata and the source tree, not the whole
# build context.
COPY pyproject.toml README.md LICENSE ./
COPY src/ ./src/

# Produce the wheel in /build/dist using the tooling installed above
# (--no-isolation: no separate build environment is created).
RUN python -m build --wheel --no-isolation

# ---------------------------------------------------------------------------
# Stage 2: Runtime — minimal production image
# ---------------------------------------------------------------------------
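# NOTE(review): the base is referenced by tag only, and a tag can be re-pointed
# upstream. For reproducible builds pin it by digest, e.g.
# python:3.11-slim-bookworm@sha256:<digest-placeholder>.
FROM python:3.11-slim-bookworm

# Image metadata supplied by the build pipeline. BUILD_DATE and VCS_REF have no
# default, so the matching labels are empty unless they are passed.
# NOTE(review): VERSION is independent of SETUPTOOLS_SCM_PRETEND_VERSION in the
# builder stage, so the version label can disagree with the installed wheel
# unless both are set together.
ARG BUILD_DATE
ARG VCS_REF
ARG VERSION=1.0.0

LABEL org.opencontainers.image.title="NeuroAgentTest (NAT) API Server" \
      org.opencontainers.image.description="REST API server for the NAT adaptive testing engine" \
      org.opencontainers.image.licenses="AGPL-3.0-or-later" \
      org.opencontainers.image.source="https://github.com/bg-playground/MultiAgent-Neural-Network-Framework" \
      org.opencontainers.image.url="https://github.com/bg-playground/MultiAgent-Neural-Network-Framework" \
      org.opencontainers.image.version="${VERSION}" \
      org.opencontainers.image.revision="${VCS_REF}" \
      org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.vendor="NAT Contributors"

# Dedicated unprivileged system account for the server process.
# NOTE(review): the UID/GID are assigned by adduser at build time. Runtimes that
# verify non-root by numeric ID (e.g. Kubernetes runAsNonRoot) cannot check a
# named USER; consider fixing the IDs explicitly and using them in USER.
RUN addgroup --system nat && adduser --system --ingroup nat nat

# /app itself stays root-owned, so the service account cannot modify it.
WORKDIR /app

# Install the wheel produced by the builder stage. Its runtime dependencies are
# resolved from the package index during this step.
# NOTE(review): no constraints/lock file or hash checking is visible here, so
# dependency versions are whatever the index serves at build time; confirm
# against pyproject.toml.
# The `rm` below only hides the wheel: it is still stored in the COPY layer.
COPY --from=builder /build/dist/*.whl /tmp/

RUN pip install --no-cache-dir /tmp/*.whl && rm /tmp/*.whl

# Only the data directories are writable by the service account.
RUN mkdir -p /app/data/scans /app/data/weights /app/data/regression && \
    chown -R nat:nat /app/data

# Drop privileges for everything that follows, including the running container.
USER nat

# Documentation only; it matches the NAT_PORT default below and is not updated
# if NAT_PORT is overridden at run time.
EXPOSE 8080

# Runtime defaults. NAT_HOST=0.0.0.0 listens on every container interface, so
# exposure is decided by how the port is published or routed.
ENV NAT_HOST=0.0.0.0 \
    NAT_PORT=8080 \
    NAT_LOG_LEVEL=info \
    NAT_WORKERS=1

# Probe the health endpoint on NAT_PORT (8080 when unset). urlopen raises on a
# refused connection or an HTTP error status, which makes the probe exit
# non-zero; a hung request is cut off by --timeout.
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
    CMD python -c "import os,urllib.request; urllib.request.urlopen('http://localhost:'+os.environ.get('NAT_PORT','8080')+'/api/v1/health')" || exit 1

# Default command: run the FastAPI app under uvicorn.
# Exec form with an explicit `exec` keeps the NAT_* expansion (done by sh when
# the container starts) and then replaces the shell, so uvicorn is PID 1 and
# receives SIGTERM from `docker stop` directly. The previous shell form left
# /bin/sh as PID 1, which does not forward the signal, so the server was
# killed after the stop timeout instead of shutting down cleanly.
CMD ["/bin/sh", "-c", \
     "exec uvicorn mannf.product.server:app --host \"${NAT_HOST}\" --port \"${NAT_PORT}\" --log-level \"${NAT_LOG_LEVEL}\" --workers \"${NAT_WORKERS}\""]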
