FROM python:3.12-slim

# uv for fast, reproducible installs
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

WORKDIR /app

# Install dependencies first (better layer caching)
COPY pyproject.toml uv.lock README.md LICENSE ./
COPY src ./src
RUN uv sync --frozen --no-dev

ENV QHUB_MCP_TRANSPORT=http \
    QHUB_MCP_HOST=0.0.0.0 \
    QHUB_MCP_PORT=8000

EXPOSE 8000

# Remote OAuth config is supplied at runtime:
#   KEYCLOAK_REALM_URL, MCP_PUBLIC_URL, (optional) MCP_AUDIENCE
CMD ["uv", "run", "--no-dev", "qhub-mcp"]
