FROM python:3.11-slim AS builder

RUN apt-get update && apt-get install -y \
    gcc \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

COPY pyproject.toml README.md ./
COPY src/ ./src/

RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir build && \
    python -m build && \
    pip install --no-cache-dir dist/*.whl

FROM python:3.11-slim AS production

RUN groupadd -r appuser && useradd -r -g appuser appuser

RUN apt-get update && apt-get install -y \
    curl \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean

WORKDIR /app

COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin

RUN mkdir -p /app/documents /app/logs && \
    chown -R appuser:appuser /app

COPY --chown=appuser:appuser src/ ./src/
COPY --chown=appuser:appuser content/ ./content/
COPY --chown=appuser:appuser docs/ ./docs/
COPY --chown=appuser:appuser apps/ ./apps/
COPY --chown=appuser:appuser packages/ ./packages/
COPY --chown=appuser:appuser scripts/entrypoint.sh /app/scripts/entrypoint.sh
COPY --chown=appuser:appuser README.md README_DOCUMINT.md MCP_QUICKSTART.md env.example mcp.json package.json railway.json ./

RUN chmod +x /app/scripts/entrypoint.sh

USER appuser

ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    LOG_LEVEL=INFO \
    DOCUMENT_STORAGE_PATH=/app/documents \
    REPO_ROOT=/app \
    HOST=0.0.0.0 \
    PORT=8000

HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8000/health || exit 1

EXPOSE 8000

CMD ["/app/scripts/entrypoint.sh"]
