# ToRivers Automation Sandbox
# This Docker image provides an isolated environment for running automations
# with production-like constraints.

# Base image. "3.11-slim" is a moving tag: a rebuild can pull a different
# Python patch release and OS package set than the previous build did.
# NOTE(review): for a reproducible sandbox image, pin the digest as well,
# e.g. python:3.11-slim@sha256:<digest-placeholder>.
FROM python:3.11-slim

# Image metadata, declared in a single LABEL instruction (keys and values unchanged)
LABEL maintainer="ToRivers <dev@torivers.com>" \
      description="ToRivers Automation Sandbox for isolated automation testing" \
      version="1.0.0"

# Interpreter and pip behaviour, baked into the image environment:
#   PIP_DISABLE_PIP_VERSION_CHECK - skip pip's "new version available" check
#   PIP_NO_CACHE_DIR              - pip keeps no download/wheel cache
#   PYTHONDONTWRITEBYTECODE       - do not write .pyc files
#   PYTHONFAULTHANDLER            - dump Python tracebacks on fatal signals
#   PYTHONUNBUFFERED              - unbuffered stdout/stderr, so logs appear immediately
ENV PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONFAULTHANDLER=1 \
    PYTHONUNBUFFERED=1

# Unprivileged account (UID/GID 1000) that the container later switches to via USER.
# Fixed numeric IDs keep file ownership predictable across rebuilds.
RUN groupadd --gid 1000 sandbox && \
    useradd \
        --uid 1000 \
        --gid sandbox \
        --create-home \
        --shell /bin/bash \
        sandbox

# System packages. update + install + list cleanup stay in one layer so no
# stale or leftover apt index ends up in the image.
# NOTE(review): nothing in this Dockerfile calls curl; confirm entrypoint.py
# or the automations need it at runtime before shipping it in the sandbox.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends curl \
    && rm -rf /var/lib/apt/lists/*

# Set working directory. WORKDIR creates /app if it does not exist; it is the
# current directory for the RUN/COPY instructions that follow and for the
# entrypoint process.
WORKDIR /app

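# Install Python dependencies (the SDK plus the common automation libraries).
# NOTE: Packages MUST match ALLOWED_IMPORTS in:
#   - torivers-sdk/src/torivers_sdk/validators/security.py
#   - apps/ai-engine-v2/review/validators.py
#
# Every requirement is quoted. RUN executes through /bin/sh, and an unquoted
# `pkg>=1.0` is parsed as `pkg` with stdout redirected to a file named `=1.0`:
# the version floor is silently dropped, pip resolves an unconstrained `pkg`,
# and stray `=<version>` files are left in the working directory.
#
# These are lower bounds only, so a rebuild can still resolve to newer
# releases. NOTE(review): for a reproducible sandbox image, consider
# installing from a fully pinned requirements file with `--require-hashes`.
RUN pip install --no-cache-dir \
    "torivers-sdk>=0.1.0b5" \
    "langgraph>=0.2.0" \
    "pydantic>=2.0.0" \
    "httpx>=0.27.0" \
    "pyyaml>=6.0.0" \
    "pandas>=2.0.0" \
    "numpy>=1.24.0" \
    "pillow>=10.0.0" \
    "langchain>=0.2.0" \
    "langchain-core>=0.1.0" \
    "langchain-anthropic>=0.1.0" \
    "langchain-openai>=0.1.0" \
    "jinja2>=3.1.0" \
    "aiohttp>=3.9.0" \
    "beautifulsoup4>=4.12.0" \
    "lxml>=5.0.0" \
    "openpyxl>=3.1.0" \
    "xlrd>=2.0.0" \
    "matplotlib>=3.8.0" \
    "seaborn>=0.13.0" \
    "plotly>=5.18.0" \
    "pytz>=2024.1" \
    "python-dateutil>=2.8.0" \
    "jsonschema>=4.0" \
    "asyncio-throttle>=1.0"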

# Copy entrypoint script into the image; COPY without --chown leaves it owned
# by root at this point. The executable bit is set as well, although the
# ENTRYPOINT instruction invokes the script through `python`, which does not
# require it.
COPY entrypoint.py /app/entrypoint.py
RUN chmod +x /app/entrypoint.py

# Create the automation directory and hand the writable locations to the
# sandbox account.
# NOTE(review): the recursive chown also covers /app, so entrypoint.py ends up
# owned and writable by the same user the automation code runs as. If the
# entrypoint does not need to write into /app, leave /app root-owned and chown
# only the data directories. /tmp normally already exists in the base image,
# so `mkdir` is a no-op for it.
RUN mkdir --parents /automation /tmp && \
    chown --recursive sandbox:sandbox /app /automation /tmp

# Switch to non-root user: every later instruction and the container's main
# process run as `sandbox` (UID 1000, created above) instead of root.
# NOTE(review): runtimes that enforce a non-root policy by numeric UID cannot
# verify a user name; `USER 1000:1000` is the numeric form of the same account.
USER sandbox

# Default runtime configuration; each value can be overridden at `docker run`.
# ENV values are stored in the image config and are readable by anyone who can
# inspect the image, so these stay as harmless defaults - real inputs and
# credentials belong in the runtime environment, not here.
# NOTE(review): MOCK_CREDENTIALS presumably makes the entrypoint use mock
# credentials - confirm against entrypoint.py.
ENV INPUT_DATA="{}" \
    MOCK_CREDENTIALS="true" \
    OUTPUT_FILE="/tmp/automation_output.json"

# Health check: every 30s (after a 5s start period) start a fresh interpreter
# and import torivers_sdk; a probe that fails or exceeds 10s counts as a
# failure, and 3 consecutive failures mark the container unhealthy.
# This only shows that the SDK is importable inside the image - it does not
# observe the running automation process.
# `|| exit 1` maps any failure of the probe to exit status 1 (unhealthy).
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD python -c "import torivers_sdk; print('healthy')" || exit 1

# Entry point (exec form): python runs /app/entrypoint.py directly as the
# container's main process, with no intermediate shell, so it receives stop
# signals itself. Arguments passed after the image name on `docker run` are
# appended to this command.
ENTRYPOINT ["python", "/app/entrypoint.py"]
