FROM node:20-slim

# Install ripgrep (used by search_code tool) and git
RUN apt-get update && apt-get install -y --no-install-recommends \
    ripgrep \
    git \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Install dependencies first (layer cache)
COPY package*.json ./
RUN npm ci --omit=dev

# Copy compiled output (build before docker build, or use multi-stage)
COPY dist/ ./dist/

# Non-root user for security
RUN useradd -r -s /bin/false agent
USER agent

EXPOSE 3333

ENV NODE_ENV=production
ENV PORT=3333

CMD ["node", "dist/server.js"]