FROM python:3.12-slim

WORKDIR /app

# graphiti-mcp is NOT published to PyPI — the only official implementation
# lives in the upstream getzep/graphiti repo under mcp_server/.  Install it
# directly from source, together with graphiti-core and its FalkorDB extra.
# Pinned to v0.3 series of graphiti-core for API stability.
RUN apt-get update \
    && apt-get install -y --no-install-recommends git \
    && rm -rf /var/lib/apt/lists/* \
    && git clone --depth 1 --branch main https://github.com/getzep/graphiti.git /tmp/graphiti \
    && pip install --no-cache-dir /tmp/graphiti/mcp_server \
    && pip install --no-cache-dir "graphiti-core[falkordb]>=0.3.0,<0.5.0" \
    && rm -rf /tmp/graphiti \
    && apt-get purge -y git \
    && apt-get autoremove -y

EXPOSE 8200

# The upstream graphiti-mcp server exposes SSE at /sse (not /health);
# a successful TCP connect is enough to verify the process is up.
HEALTHCHECK --interval=20s --timeout=5s --start-period=30s --retries=3 \
    CMD python -c "import socket; s=socket.socket(); s.settimeout(3); s.connect(('127.0.0.1', 8200))" \
        || exit 1

RUN useradd -m -u 1000 graphiti
USER graphiti

# Transport: sse — HTTP-based SSE stream, compatible with the CHRONOS MCP client.
# GRAPH_DATABASE_URI and LLM credentials are read from .env via docker-compose.
CMD ["graphiti-mcp", "--transport", "sse", "--host", "0.0.0.0", "--port", "8200"]
