FROM node:22-bookworm-slim

ARG NPM_REGISTRY=https://registry.npmmirror.com
ARG CODEX_VERSION=0.125.0
ARG CLAUDE_CODE_VERSION=2.1.140

ENV DEBIAN_FRONTEND=noninteractive

RUN sed -i \
      -e 's|http://deb.debian.org/debian|http://mirrors.aliyun.com/debian|g' \
      -e 's|http://deb.debian.org/debian-security|http://mirrors.aliyun.com/debian-security|g' \
      /etc/apt/sources.list.d/debian.sources \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
      bubblewrap \
      build-essential \
      ca-certificates \
      curl \
      git \
      gnupg \
      jq \
      less \
      openssh-client \
      procps \
      python3 \
      python3-pip \
      python3-venv \
      ripgrep \
      rsync \
      sqlite3 \
      tini \
      tmux \
      unzip \
      vim-tiny \
      zip \
    && rm -rf /var/lib/apt/lists/*

RUN npm config set registry "${NPM_REGISTRY}" \
    && npm install --global \
      "@openai/codex@${CODEX_VERSION}" \
      "@anthropic-ai/claude-code@${CLAUDE_CODE_VERSION}" \
    && npm cache clean --force

RUN groupmod --new-name agent node \
    && usermod --login agent --home /home/agent --move-home --shell /bin/bash node \
    && install -d -o agent -g agent /app /data /tenant

WORKDIR /app

COPY --chown=agent:agent package.json package-lock.json ./
RUN npm ci --omit=dev \
    && npm cache clean --force

COPY --chown=agent:agent src ./src
COPY --chown=agent:agent README.md THIRD_PARTY_NOTICES.md ./

ENV HOME=/home/agent \
    CODEX_HOME=/home/agent/.codex \
    GSTACK_STATE_FILE=/data/state.json \
    GSTACK_INSTANCE_NAME=docker

USER agent

ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["node", "src/cli.js", "start"]
