# MadcatOS Instance — opencode service
# Runs opencode serve with all agents, CLI tools, and plugins
#
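# Build context: instance/docker/
#   NOTE(review): the COPY sources used below (agents/, config/,
#   docker/entrypoint.sh) only resolve when the context is instance/ —
#   confirm which directory is actually passed to `docker build`.
# Copies from: instance/agents/, instance/config/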

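# Base image is a build arg so release builds can pin it by digest, e.g.
#   docker build --build-arg NODE_IMAGE=node:22-bookworm@sha256:<digest> ...
# The default keeps the original floating tag, which re-resolves to whatever
# the registry serves at pull time.
ARG NODE_IMAGE=node:22-bookworm
FROM ${NODE_IMAGE}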

# OCI image metadata (title + description), declared in a single instruction.
LABEL org.opencontainers.image.title="madcat-os-opencode" \
      org.opencontainers.image.description="MadcatOS opencode service with agents and CLI tools"

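# Prevent interactive prompts during install.
# Declared as ARG rather than ENV: the value is still exported to every RUN
# step below, but it is not persisted into the environment of the running
# container, where it has no purpose.
ARG DEBIAN_FRONTEND=noninteractive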

# ─── System dependencies ───────────────────────────────────────────
# One package per line, sorted, so additions and removals show up as
# single-line diffs in review. curl is also what HEALTHCHECK runs, and gnupg
# provides the `gpg --dearmor` used by the apt-repository steps.
# The apt lists are removed in the same layer that created them.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        gnupg \
        jq \
        openssh-client \
        python3 \
        sqlite3 \
    && rm -rf /var/lib/apt/lists/*

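# ─── opencode ──────────────────────────────────────────────────────
# The version is a build arg so a release build can install an exact,
# reviewed version:  --build-arg OPENCODE_VERSION=<version>
# The default "latest" keeps the previous behaviour: whatever is published
# under that dist-tag at build time is installed, so two builds of this file
# can produce different images.
ARG OPENCODE_VERSION=latest
RUN npm i -g "opencode-ai@${OPENCODE_VERSION}"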

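# ─── wrangler (Cloudflare Workers CLI) ─────────────────────────────
# Pin with --build-arg WRANGLER_VERSION=<version> for reproducible builds.
# "latest" is what an unversioned `npm i -g wrangler` resolves to by default,
# so the default build is unchanged.
ARG WRANGLER_VERSION=latest
RUN npm i -g "wrangler@${WRANGLER_VERSION}"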

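# ─── cloudflared ───────────────────────────────────────────────────
# Adds Cloudflare's apt repository and installs cloudflared from it.
#
# The key is downloaded to a file first instead of being piped into gpg:
# under the default /bin/sh a pipeline reports only the exit status of its
# last command, so a failed or truncated download would not stop the build at
# the step that caused it.
#
# signed-by limits this key to the cloudflared repository only.
# NOTE(review): the key is fetched over TLS from the same host that serves the
# packages, so it is trust-on-first-use. To anchor it, compare its fingerprint
# (`gpg --show-keys /usr/share/keyrings/cloudflare.gpg`) against a value
# obtained out of band and fail the build on mismatch.
RUN curl -fsSL -o /tmp/cloudflare-main.gpg https://pkg.cloudflare.com/cloudflare-main.gpg && \
    gpg --dearmor -o /usr/share/keyrings/cloudflare.gpg /tmp/cloudflare-main.gpg && \
    rm -f /tmp/cloudflare-main.gpg && \
    echo "deb [signed-by=/usr/share/keyrings/cloudflare.gpg] https://pkg.cloudflare.com/cloudflared bookworm main" \
    > /etc/apt/sources.list.d/cloudflared.list && \
    apt-get update && apt-get install -y --no-install-recommends cloudflared \
    && rm -rf /var/lib/apt/lists/*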

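# ─── flarectl (Cloudflare DNS CLI) ─────────────────────────────────
# Downloads a prebuilt executable from the "latest" GitHub release for the
# image architecture. TLS authenticates the host, not the artifact, so the
# binary is staged in /tmp and can be checked before it lands on PATH:
#   --build-arg FLARECTL_SHA256=<sha256 of the asset for this architecture>
# When the arg is empty (default) no check is made and behaviour is as before.
# A checksum only stays valid while "latest" points at the same release, so a
# mismatch after an upstream release is the intended fail-closed signal.
ARG FLARECTL_SHA256=""
RUN ARCH=$(dpkg --print-architecture) && \
    curl -fsSL -o /tmp/flarectl \
    "https://github.com/cloudflare/cloudflare-go/releases/latest/download/flarectl_linux_${ARCH}" && \
    if [ -n "${FLARECTL_SHA256}" ]; then \
        echo "${FLARECTL_SHA256}  /tmp/flarectl" | sha256sum -c -; \
    fi && \
    install -m 0755 /tmp/flarectl /usr/local/bin/flarectl && \
    rm -f /tmp/flarectl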

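# ─── tea (Gitea CLI) ──────────────────────────────────────────────
# Downloads a prebuilt executable from the "latest" path for the image
# architecture. The binary is staged in /tmp so it can be verified before it
# is installed on PATH:
#   --build-arg TEA_SHA256=<sha256 of the binary for this architecture>
# Empty (default) skips the check and keeps the previous behaviour; a set
# value makes the build fail if the downloaded bytes differ.
ARG TEA_SHA256=""
RUN ARCH=$(dpkg --print-architecture) && \
    curl -fsSL -o /tmp/tea \
    "https://dl.gitea.com/tea/latest/tea-linux-${ARCH}" && \
    if [ -n "${TEA_SHA256}" ]; then \
        echo "${TEA_SHA256}  /tmp/tea" | sha256sum -c -; \
    fi && \
    install -m 0755 /tmp/tea /usr/local/bin/tea && \
    rm -f /tmp/tea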

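# ─── gh (GitHub CLI) ──────────────────────────────────────────────
# Adds the GitHub CLI apt repository and installs gh from it.
#
# The keyring is written to a file before gpg reads it, not piped: /bin/sh
# reports only the last command of a pipeline, so a failed download would
# otherwise go unnoticed at this step.
#
# signed-by scopes the key to this repository only.
# NOTE(review): the key comes from the same origin as the packages
# (trust-on-first-use); pin its fingerprint from an out-of-band source if the
# build must not depend on that host being honest at build time.
RUN curl -fsSL -o /tmp/githubcli-archive-keyring.gpg \
    https://cli.github.com/packages/githubcli-archive-keyring.gpg && \
    gpg --dearmor -o /usr/share/keyrings/githubcli.gpg /tmp/githubcli-archive-keyring.gpg && \
    rm -f /tmp/githubcli-archive-keyring.gpg && \
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli.gpg] https://cli.github.com/packages stable main" \
    > /etc/apt/sources.list.d/github-cli.list && \
    apt-get update && apt-get install -y --no-install-recommends gh \
    && rm -rf /var/lib/apt/lists/*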

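# ─── opencode plugin (from private npm registry) ──────────────────
# The scope mapping makes every @madcat-os/* package resolve from the private
# registry only, so a same-named package on the public registry is never
# considered for this scope.
# Pin with --build-arg MADCAT_PLUGIN_VERSION=<version>; the default "latest"
# keeps the previous floating behaviour.
# NOTE(review): no credentials are supplied here. If the registry requires a
# token, pass it with a BuildKit secret mount (RUN --mount=type=secret,...)
# and not through ARG or ENV, which are recorded in the image history/config.
ARG MADCAT_PLUGIN_VERSION=latest
RUN npm config set @madcat-os:registry https://repos.saiden.dev/api/packages/madcat-os/npm/ && \
    npm i -g "@madcat-os/opencode-plugin@${MADCAT_PLUGIN_VERSION}"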

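# ─── NAPI binary (madcat-memory) ─────────────────────────────────
# Fetches a prebuilt native addon from a "latest" path. A .node file is
# native code, so its integrity matters as much as that of any executable
# installed above.
#   --build-arg MADCAT_MEMORY_SHA256=<sha256 of the .node file>
# makes the build fail when the downloaded bytes differ; empty (default)
# skips the check and keeps the previous behaviour.
# NOTE(review): the file name is fixed to linux-x64-gnu, while the flarectl
# and tea steps follow `dpkg --print-architecture`. On a non-amd64 build this
# step still fetches the x64 binary — confirm whether other architectures are
# meant to be supported.
ARG MADCAT_MEMORY_SHA256=""
RUN mkdir -p /opt/madcat && \
    curl -fsSL -o /opt/madcat/madcat-memory.linux-x64-gnu.node \
    https://files.saiden.dev/madcat-memory/latest/madcat-memory.linux-x64-gnu.node && \
    if [ -n "${MADCAT_MEMORY_SHA256}" ]; then \
        echo "${MADCAT_MEMORY_SHA256}  /opt/madcat/madcat-memory.linux-x64-gnu.node" | sha256sum -c -; \
    fi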

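# ─── opencode-pty plugin ─────────────────────────────────────────
# Pin with --build-arg OPENCODE_PTY_VERSION=<version>. The default "latest"
# keeps the previous behaviour of installing whatever is published at build
# time.
ARG OPENCODE_PTY_VERSION=latest
RUN npm i -g "opencode-pty@${OPENCODE_PTY_VERSION}"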

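# ─── browse-mcp (referenced in config) ───────────────────────────
# Best-effort install: a failure does not abort the build. It is reported on
# stderr instead of being discarded, so the build log shows when an image was
# produced without a tool that the config references.
RUN npm i -g @nicepkg/browse-mcp@latest || \
    echo "WARNING: @nicepkg/browse-mcp failed to install; image built without it" >&2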

# ─── Agent bundle + config ────────────────────────────────────────
# Both sources are taken from the build context (instance/). COPY creates the
# destination directories itself, so no separate mkdir step is needed.
# No --chown is given, so the files are owned by root and the unprivileged
# runtime user gets them read-only.
# Everything under agents/ is baked into an image layer: keep tokens and other
# credentials out of that directory.
COPY agents/ /etc/madcat/opencode/agents/
COPY config/opencode.jsonc.template /etc/madcat/opencode/config/

# ─── Create non-root user for opencode ────────────────────────────
# Dedicated account with its own home; the data and config directories are
# pre-created and handed over so the service can write to them without root.
# No UID is requested, so useradd assigns the next free one.
RUN useradd --create-home --home-dir /home/opencode --shell /bin/bash opencode \
    && mkdir -p \
        /home/opencode/.local/share/opencode \
        /home/opencode/.config/opencode \
    && chown -R opencode:opencode /home/opencode

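# ─── Entrypoint setup ────────────────────────────────────────────
# The entrypoint script handles config template rendering at startup.
# COPY without --chown leaves it owned by root. An explicit 0755 (rather than
# +x) also strips any group/other write bit the file carried in the build
# context, so the unprivileged runtime user can execute but not modify it.
COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod 0755 /usr/local/bin/entrypoint.sh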

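# ─── Runtime configuration ───────────────────────────────────────
# Everything from here on runs as the unprivileged opencode user.
WORKDIR /home/opencode
USER opencode

# Documentation only; the port is reachable from outside only if it is
# published at run time.
EXPOSE 4096

# -S makes curl print the reason for a failure, which ends up in the
# container's health log; -f still turns HTTP error statuses into a failure.
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
    CMD curl -fsS http://localhost:4096/api/health || exit 1

# Absolute path: the entrypoint does not depend on PATH lookup.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
# 0.0.0.0 makes the server listen on every interface inside the container,
# which is required for a published port to reach it.
# NOTE(review): whether the API on 4096 authenticates callers is not visible
# in this file. The image bundles agents, a PTY plugin and several
# credentialed CLIs, so publish the port only to trusted networks or behind
# an authenticating proxy, and inject CLI tokens at run time rather than
# building them into the image.
CMD ["opencode", "serve", "--hostname", "0.0.0.0"]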
