########################################################################
# fleet-drafter — sandbox image for kairos.fleet.ContainerizedDrafter.
#
# Long-lived per-drafter container that runs cycle_prove against a
# private lake project, with no host filesystem access and no API
# credentials. LLM calls go OUT via stdio JSON-RPC to the host
# orchestrator (kairos.fleet.host_proxy.HostLLMProxy), which injects
# auth and forwards to the real provider. The container itself is
# expected to run with `--network=none` at runtime so even a
# misbehaving LLM cannot exfil over the network.
#
# Layers:
#   1. lean-base — Lean 4 toolchain + pre-warmed Mathlib oleans.
#   2. athanor-sdk — installed in /opt/venv so cycle_prove +
#      StdioProxyClient + lean_cycle are importable.
#   3. drafter user (uid 1000) owns /workspace; nothing the drafter
#      needs to write is owned by root.
#
# Bind-mount strategy at runtime (caller's job, not the image's):
#   * /workspace/lake/    — read-only mount of pre-built lake project
#                           (Mathlib oleans + public scaffold). DO NOT
#                           include reference proofs; the drafter must
#                           not be able to read its own target's
#                           reference solution.
#   * /workspace/work/    — writable tmpfs / bind-mount for the
#                           candidate's overlay (the .lean file the
#                           cycle is iterating on).
#   * /workspace/audit/   — writable bind-mount for session logs
#                           (picked up by the ATH-739 mining cron).
#
# Stdio protocol (one JSON object per line, both directions):
#   host → container (initial, before any cycle work):
#     {"method": "cycle_target",
#      "target": {<CycleTarget fields>},
#      "model_id": str,
#      "drafter_alias": str,
#      "max_rounds": int,
#      "temperature": float,
#      "max_tokens": int}
#   container → host (during cycle):
#     {"method": "llm_call", ...}    — handled by StdioProxyClient
#   host → container (response):
#     {"request_id": ..., "content": ..., ...}
#   container → host (terminal):
#     {"method": "cycle_result", ...}
########################################################################

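# Base: Lean 4 toolchain + pre-warmed Mathlib oleans (see header).
# TODO(review): additionally pin by digest (lean-base:2026.04.10@sha256:<digest>)
# so a re-pushed tag cannot silently change the sandbox base.
FROM ghcr.io/athanor-ai/lean-base:2026.04.10

# Build-time only: where uv writes its cache while creating the venv.
# Declared as ARG rather than ENV so it does not leak into the runtime
# environment of the sandbox; the directory is deleted in the RUN below.
ARG UV_CACHE_DIR=/tmp/uv_cache

# Runtime environment.
#   DRAFTER_WORKDIR         — root of the bind-mount tree (lake/ work/ audit/).
#   PYTHONUNBUFFERED        — stdout is the JSON-RPC channel to the host
#                             orchestrator; unbuffered so each line reaches
#                             the proxy as soon as it is written.
#   PYTHONDONTWRITEBYTECODE — presumably to keep __pycache__ out of the
#                             image and the root-owned SDK tree.
ENV DRAFTER_WORKDIR=/workspace \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1

# Single shared venv at /opt/venv. lean-base ships uv + python; we
# pin 3.12 to match the SDK's tested Python version (matches the
# pythia + athanor-builder convention). The uv cache is removed in the
# same layer that filled it so it never lands in the image.
RUN uv venv --python=3.12 --seed /opt/venv && \
    rm -rf "${UV_CACHE_DIR}"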

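# Install the SDK source. We COPY only what's needed for `pip install
# -e .` (pyproject + src + minimal build deps) so unrelated repo churn
# (docs/, tests/, examples/) doesn't bust the cache.
# The tree is copied as root (no --chown) and is never handed to the
# drafter user: the sandboxed process must not be able to edit
# StdioProxyClient / lean_cycle in place. NOTE(review): COPY keeps the
# build-context file modes — keep group/other write bits off these
# files in the repo, or the editable install exposes them writable.
WORKDIR /opt/athanor-sdk
COPY pyproject.toml hatch_build.py build_cython.py LICENSE NOTICE.md README.md ./
COPY src/ ./src/
COPY schemas/ ./schemas/

# Editable install, in two steps:
#   1. --no-deps: runs the build backend (presumably the hatch_build.py /
#      build_cython.py hooks) without touching the dependency resolver,
#      so a build-hook failure shows up before any network resolve.
#   2. full -e install to resolve and install the declared deps; this is
#      the step most likely to fail on a flaky network, and it is last so
#      a retry re-does as little as possible.
# `pip check` then verifies the installed set is consistent — --no-deps
# by itself does not detect missing or conflicting pins. The python -c
# line is an import smoke test for the modules the entrypoint needs
# (per the header: lean_cycle + fleet). Caches are removed in the same
# layer that created them.
RUN /opt/venv/bin/pip install --no-cache-dir --no-deps -e . && \
    /opt/venv/bin/pip install --no-cache-dir -e . && \
    /opt/venv/bin/pip check && \
    /opt/venv/bin/python -c "import kairos.lean_cycle; import kairos.fleet" && \
    rm -rf /root/.cache /tmp/* /var/tmp/*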

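# Drafter user (uid 1000 / gid 1000 — fixed numeric ids so the runtime's
# runAsUser / runAsNonRoot checks and bind-mount ownership are stable).
# No login shell: the drafter is only ever started through ENTRYPOINT,
# and Python's subprocess execs the binary (or /bin/sh for shell=True)
# directly rather than the account's login shell, so nologin does not
# affect how cycle_prove invokes lake / lean.
#
# The three directories are the runtime mount points from the header
# (lake/ read-only, work/ and audit/ writable); chown'd so uid 1000 can
# write the writable ones.
#
# NOTE(review): the previous comment here stated the Lean toolchain lives
# under /root with mode 700 and that the venv's binaries "call lake /
# lean by path". A 700 /root is not traversable by uid 1000, so either
# the toolchain actually sits somewhere world-readable in lean-base or
# cycle_prove cannot run lake as drafter — confirm against lean-base
# before relying on this image.
RUN groupadd -g 1000 drafter && \
    useradd -m -u 1000 -g 1000 -s /usr/sbin/nologin drafter && \
    mkdir -p "${DRAFTER_WORKDIR}/lake" "${DRAFTER_WORKDIR}/work" "${DRAFTER_WORKDIR}/audit" && \
    chown -R drafter:drafter "${DRAFTER_WORKDIR}"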

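# Copy the in-container entrypoint script. Lives in the SDK container
# tree (containers/fleet-drafter/) so it's reviewed alongside the image
# definition rather than scattered into src/.
COPY containers/fleet-drafter/drafter_entrypoint.py /usr/local/bin/drafter-entrypoint

# Point the shebang at the venv interpreter by absolute path, so the
# script does not depend on PATH/ENV at exec time. Guarded: the build
# fails if line 1 is not a `#!` line (e.g. the file starts with a module
# docstring) instead of silently overwriting it, and only an existing
# shebang is rewritten. chmod runs last so the final mode is explicit
# regardless of how `sed -i` handles its temporary file.
RUN test "$(head -c 2 /usr/local/bin/drafter-entrypoint)" = '#!' && \
    sed -i '1s|^#!.*|#!/opt/venv/bin/python|' /usr/local/bin/drafter-entrypoint && \
    chmod 0755 /usr/local/bin/drafter-entrypoint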

# Runtime interpreter environment: VIRTUAL_ENV for tooling that looks for
# it, and the venv's bin/ first on PATH so `python` / `pip` resolve to
# /opt/venv without an activation step.
ENV VIRTUAL_ENV=/opt/venv \
    PATH="/opt/venv/bin:${PATH}"

# Drop to the unprivileged drafter: nothing after this line, and nothing
# at container runtime, runs as root. Default cwd is the writable
# overlay directory the cycle iterates in (see header, /workspace/work/).
USER drafter
WORKDIR ${DRAFTER_WORKDIR}/work

# Drafter is a stdio loop — entrypoint reads from stdin, writes to
# stdout. ENTRYPOINT (not CMD) so positional arguments to `docker run`
# cannot replace it; only an explicit `--entrypoint` override can.
# Exec (JSON-array) form: the script itself is PID 1 and receives
# SIGTERM from `docker stop` directly, with no intermediate /bin/sh.
ENTRYPOINT ["/usr/local/bin/drafter-entrypoint"]
