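# NOTE: node:22-trixie is a floating tag, so the base layers can change between
# builds. For reproducible images, pin by digest as well
# (node:22-trixie@sha256:<digest-of-the-reviewed-image>).
FROM node:22-trixie

# Install system dependencies.
# --no-install-recommends keeps apt from pulling in optional packages that
# nothing here asks for, which trims both image size and attack surface.
# update + install + list cleanup stay in one layer so no stale index is cached.
RUN apt-get update && apt-get install -y --no-install-recommends \
  build-essential \
  ca-certificates \
  curl \
  git \
  jq \
  python3 \
  python3-venv \
  ripgrep \
  && rm -rf /var/lib/apt/lists/*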

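# Install GitHub CLI from GitHub's apt repository.
# curl writes the keyring itself (no pipe): under the default /bin/sh a pipe
# reports only the last command's status, so a failed download would otherwise
# go unnoticed at this step. With -o and &&, a failed fetch stops the build.
# Trust in the key rests on TLS to cli.github.com; signed-by= restricts the key
# to this single repository rather than all apt sources.
RUN curl -fsSL -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
    https://cli.github.com/packages/githubcli-archive-keyring.gpg \
  && chmod 0644 /usr/share/keyrings/githubcli-archive-keyring.gpg \
  && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
    > /etc/apt/sources.list.d/github-cli.list \
  && apt-get update && apt-get install -y --no-install-recommends gh \
  && rm -rf /var/lib/apt/lists/*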

# Reuse the base image's UID 1000 account instead of creating a new one:
# the login "node" becomes "agent" and its home directory is moved to
# /home/agent. Keeping UID 1000 means --userns=keep-id (Podman) and
# --user 1000:1000 (Docker) resolve to the owner of that home directory.
# Only the login is renamed; the group is left as it was.
RUN usermod --login agent --home /home/agent --move-home node

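# Versions of the globally installed npm tools.
# The defaults reproduce the floating dist-tags this file has always used
# (latest / next / npm's implicit latest), so every uncached rebuild may pull
# different code. For a reproducible, reviewable image pass exact versions:
#   --build-arg OPENCODE_VERSION=<x.y.z> --build-arg POURKIT_CLI_VERSION=<x.y.z> \
#   --build-arg OPENSRC_VERSION=<x.y.z>
ARG OPENCODE_VERSION=latest
ARG POURKIT_CLI_VERSION=next
ARG OPENSRC_VERSION=latest

# These installs run as root (before USER agent), so any package install
# scripts execute with build-time root privileges - one more reason to pin.

# Install OpenCode CLI
RUN npm install -g "opencode-ai@${OPENCODE_VERSION}"

# Install Pourkit CLI for agent-executed validation/verification
RUN npm install -g "@pourkit/cli@${POURKIT_CLI_VERSION}"

# Install opensrc so agents can inspect dependency source code
RUN npm install -g "opensrc@${OPENSRC_VERSION}"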

# Create the XDG base directories up front and hand them to the agent user.
# If a bind mount later targets a path below one of them, the parent already
# exists with the right owner instead of being created root-owned.
# The group is "node" because only the login was renamed, not the group.
RUN home=/home/agent \
  && mkdir -p \
    "$home/.local/bin" \
    "$home/.local/share" \
    "$home/.local/state" \
    "$home/.config" \
    "$home/.cache" \
  && chown -R agent:node "$home/.local" "$home/.config" "$home/.cache"

# Everything below - remaining build steps and the running container - uses
# the unprivileged "agent" account rather than root.
USER agent

# The per-user bin directory comes first on PATH. It is writable by agent, so
# a file placed there shadows a system binary of the same name.
ENV PATH=/home/agent/.local/bin:${PATH}

WORKDIR /home/agent

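# Install RTK (as the agent user).
# The installer is downloaded to a file before it is executed. Piping curl
# straight into sh can run a truncated script when the transfer fails midway,
# and /bin/sh reports only the status of the last command in a pipe.
#
# RTK_INSTALL_REF defaults to the moving master branch (the historical
# behaviour); pass a commit SHA to pin the installer. RTK_INSTALL_SHA256 is
# optional: when set, the downloaded script must match it or the build stops.
ARG RTK_INSTALL_REF=refs/heads/master
ARG RTK_INSTALL_SHA256=""
RUN set -eu; \
    installer="$(mktemp)"; \
    curl -fsSL -o "$installer" \
      "https://raw.githubusercontent.com/rtk-ai/rtk/${RTK_INSTALL_REF}/install.sh"; \
    if [ -n "$RTK_INSTALL_SHA256" ]; then \
      echo "${RTK_INSTALL_SHA256}  ${installer}" | sha256sum -c -; \
    fi; \
    sh "$installer"; \
    rm -f "$installer"
RUN rtk init -g --opencode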

# Install Vera CLI
# NOTE(review): no install instruction for Vera CLI follows this heading in the
# file - add the step or drop the heading so the image contents match the docs.
#
# In worktree sandbox mode, Sandcastle bind-mounts the git worktree at ${SANDBOX_REPO_DIR}
# and overrides the working directory to ${SANDBOX_REPO_DIR} at container start.
# Structure your Dockerfile so that ${SANDBOX_REPO_DIR} can serve as the project root.
#
# Exec-form entrypoint that just keeps the container alive; it starts no workload
# of its own. Presumably commands are launched inside it from outside - confirm.
# NOTE(review): sleep runs as PID 1 here and installs no signal handlers, so
# consider starting the container with an init (e.g. --init) for clean stops.
ENTRYPOINT ["sleep", "infinity"]
