FROM python:3.12-slim AS base

LABEL maintainer="Orxaq <engineering@orxaq.com>"
LABEL description="Orxaq — Cognitive Causal Operating System for Credit Risk"

WORKDIR /app

# Security: non-root user
RUN groupadd -r orxaq && useradd -r -g orxaq -d /app orxaq

# Install dependencies
COPY pyproject.toml README.md ./
COPY src/ src/
RUN pip install --no-cache-dir -e ".[docs]" 2>/dev/null || pip install --no-cache-dir -e .

# Copy remaining files
COPY data/ data/

# Security: drop privileges
USER orxaq

# Health check
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
    CMD python -c "from orxaq.orchestration.integration import OrxaqEngine; e = OrxaqEngine(); print('ok')" || exit 1

# Default: start dashboard
EXPOSE 8741
CMD ["python", "-m", "orxaq.experiences.cli", "serve", "--port", "8741"]
