# --- Build Stage ---
FROM python:3.11-slim AS builder

# Pin versions for reproducibility
ARG AGENT_REPO="https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent.git"
ARG AGENT_COMMIT="a89dae9942997b55d1b66330ff62de24ab3d6170"
ARG UV_VERSION="0.5.1"

RUN apt-get update && apt-get install -y --no-install-recommends     curl git build-essential cmake ca-certificates &&     curl -LsSf https://astral.sh/uv/${UV_VERSION}/install.sh | sh &&     rm -rf /var/lib/apt/lists/*

ENV PATH="/root/.local/bin:${PATH}"

WORKDIR /app
# Pin the clone to a specific commit for deterministic builds
RUN git clone ${AGENT_REPO} . && git checkout ${AGENT_COMMIT}

# Install dependencies and project into venv
RUN uv sync --frozen --no-dev

# --- Final Stage ---
FROM python:3.11-slim

RUN apt-get update && apt-get install -y --no-install-recommends     curl git socat ripgrep ffmpeg ca-certificates &&     rm -rf /var/lib/apt/lists/*

# Copy only the venv and the app source
COPY --from=builder /app /app
ENV PATH="/app/.venv/bin:${PATH}"

WORKDIR /app

# Healthcheck to verify the gateway is responding
HEALTHCHECK --interval=30s --timeout=10s --start-period=15s --retries=3 \
    CMD curl -f http://localhost:8643/health || exit 1

EXPOSE 8643
ENTRYPOINT ["hermes", "gateway"]