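# syntax=docker/dockerfile:1
FROM docker.io/library/node:22-slim

# Codex CLI release to install. Defaults to the npm "latest" dist-tag (same
# result as an unversioned install); pass --build-arg CODEX_VERSION=<x.y.z>
# when a reproducible, reviewable build is required.
ARG CODEX_VERSION=latest

# The base image already runs as root; stating it makes the scope of the
# privileged package-install steps below explicit.
USER root

# Agent toolchain. build-essential and python3 are included for native npm
# modules and scripting but enlarge the final image's attack surface — drop
# them if the workloads do not need them. Package list is sorted for
# diffability; apt lists are removed in the same layer so they never land
# in the image. Debian ships fd as "fdfind", hence the symlink to its
# upstream name.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
        curl \
        fd-find \
        git \
        openssh-client \
        python3 \
        ripgrep \
    && rm -rf /var/lib/apt/lists/* \
    && ln -s /usr/bin/fdfind /usr/local/bin/fd

# Install OpenAI Codex CLI.
# --ignore-scripts skips npm postinstall hooks (defense-in-depth — the
# package's runtime code still runs, only postinstall is skipped).
# The npm download cache is cleared in the same layer so it is not baked
# into the image.
RUN npm install -g --ignore-scripts "@openai/codex@${CODEX_VERSION}" \
    && npm cache clean --force

# agentcage introspection: bake a short "you are sandboxed" brief into Codex's
# global guidance file (~/.codex/AGENTS.md) so the agent discovers it is caged
# with zero setup. agentcage stages the canonical AGENTS.md brief into the
# build context (see agentcage.scaffold_brief) — it is not committed per-scaffold.
#
# Delivered as a plain, writable, node-owned file — deliberately NOT a
# read-only bind mount over ~/.codex (that makes the runtime create ~/.codex
# root-owned, breaking Codex's own config/auth writes). Codex keeps full
# ownership of ~/.codex.
#
# The directory is created already node-owned (install -d) and the file is
# copied with --chown, so no follow-up recursive chown is needed — a
# post-COPY chown would duplicate the file into an extra layer.
RUN install -d -o node -g node /home/node/.codex
COPY --chown=node:node AGENTS.md /home/node/.codex/AGENTS.md

# node:22-slim already has user node (1000:1000). Drop root here, after the
# last step that needs it, so the agent process never runs privileged.
USER node
WORKDIR /workspace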
