FROM python:3.12-slim AS runtime

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/app/.venv/bin:${PATH}"

WORKDIR /app

RUN apt-get update \
    && apt-get install -y --no-install-recommends curl ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && pip install --no-cache-dir uv

COPY pyproject.toml ./

RUN python - <<'PY' > /tmp/requirements.txt
import tomllib

with open("pyproject.toml", "rb") as f:
    project = tomllib.load(f)["project"]

for dep in project["dependencies"]:
    # llm-connect is a local editable test integration and must not be pulled
    # into the production image. hub-core is runtime code, but it is installed
    # from the named Docker build context below because it is not published yet.
    if dep in {"llm-connect", "hub-core"}:
        continue
    print(dep)
PY

RUN uv venv /app/.venv \
    && uv pip install --python /app/.venv/bin/python --no-cache -r /tmp/requirements.txt

COPY --from=hub_core_src pyproject.toml /tmp/hub-core/pyproject.toml
COPY --from=hub_core_src hub_core/ /tmp/hub-core/hub_core/

RUN uv pip install --python /app/.venv/bin/python --no-cache /tmp/hub-core

COPY alembic.ini ./
COPY api/ ./api/
COPY flows/ ./flows/
COPY mcp_server/ ./mcp_server/
COPY migrations/ ./migrations/
COPY policies/ ./policies/
COPY prompts/ ./prompts/
COPY scripts/ ./scripts/
COPY task_flow_engine/ ./task_flow_engine/

EXPOSE 8000

HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
    CMD python -c "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8000/state/health', timeout=3).read()"

CMD ["uvicorn", "api.main:app", "--host", "0.0.0.0", "--port", "8000"]