# SPDX-License-Identifier: Apache-2.0
# © 2026 Lutar, Stephen P. — SZL Holdings · ORCID 0009-0001-0110-4173 · Doctrine v11
#
# sentra HF Docker Space — FULL OPERATIONAL (round2 delivery)
#
# Routes:
#   /                          — VERBATIM Replit React SPA (Vite base="/", a11oy pattern) — REPLACES old landing per founder
#   /console/                  — Replit SPA console (verbatim, standalone)
#   /api/sentra/healthz        — liveness probe
#   /api/sentra/v1/verdict     — POST: Wire B full immune verdict
#   /api/sentra/v1/inspect     — POST: Wire B full-signal inspect
#   /api/sentra/v1/gates       — GET: list all 8 immune gates
#   /api/sentra/v1/gates/{id}  — GET: per-gate detail
#   /api/sentra/v1/gates/{id}/test  — POST: per-gate test
#   /api/sentra/v1/audit-log   — GET: recent verdict history
#   /api/sentra/v1/threats     — GET: threat-signature STIX corpus
#   /api/sentra/v1/forecast    — GET/POST: witnessed forecasting (Mādhava envelope, Cursor #65)
#
# Canonical (Doctrine v10): 749 decl / 14 unique axioms (15 raw, 1 dup) / 163 tracked sorries / 12 MCP tools / 46 policy gates
#   /brain                     — immune brain page (theorems + 8 gates + 5 LLM tiers + screening)
#   /api/sentra/v1/brain*      — brain JSON + screen; /llm/route + /llm/tiers; /mesh/state; /brainz
#
# HF Space requirement: listen on PORT 7860.

# Base image: the official slim Python 3.12 image. The tag is mutable upstream.
# NOTE(review): pin by digest (python:3.12-slim@sha256:<digest>) so a re-tagged
# image cannot silently change what this build produces.
FROM python:3.12-slim

# Relative COPY destinations below and the final CMD all resolve against /app.
WORKDIR /app

# OS packages: git only, without recommended extras. The apt caches and package
# lists are removed in the same layer, so they never reach the image.
# NOTE(review): nothing visible in this Dockerfile invokes git; confirm the
# runtime needs it, otherwise drop it to reduce the attack surface.
RUN apt-get update \
    && apt-get install -y --no-install-recommends git \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Install Python dependencies (web stack: FastAPI, uvicorn, pydantic).
# NOTE(review): these are version ranges, not pins, and no hashes are checked,
# so two builds of the same commit can resolve to different packages. A
# hash-locked requirements file installed with `pip install --require-hashes -r`
# would make the dependency set reproducible and tamper-evident.
RUN pip install --no-cache-dir \
    "fastapi>=0.111.0,<1.0.0" \
    "uvicorn[standard]>=0.29.0,<1.0.0" \
    "pydantic>=2.7.0,<3.0.0"
# ADDITIVE (Yachay / Provenance Hardening): cryptography for DSSE+Cosign Khipu signing.
# NOTE(review): unlike the ranges above, this one has no upper bound, so a future
# major release of the signing dependency is picked up without review.
RUN pip install --no-cache-dir "cryptography>=42.0"

# NOTE (P0 CI fix, Dev1 Rumi): torch+faiss+sentence-transformers removed from
# build-time pip install. At ~1GB+ they cause GH Actions OOM on ubuntu-latest
# (7GB RAM). szl_rag.py already has honest try/except lazy-load fallback:
# if the import fails it returns {"status":"rag_unavailable"} with no crash.
# Install huggingface_hub only (lightweight) for HF dataset caching utilities.
# NOTE(review): no upper bound here either; see the pinning note at the top of
# this section.
RUN pip install --no-cache-dir "huggingface_hub>=0.23.0"

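# Application files are copied one by one (no `COPY . .`), so only the paths
# named here end up in the image. The two directory copies below are the
# exception: everything under landing/ and console/ ships as-is.

# Verbatim Replit React SPA at root (Vite base="/"): index.html + assets in landing/.
# Old Vessels-DNA landing replaced per founder directive; /api/sentra/* contract preserved.
COPY landing/ ./landing/

# Copy console SPA (Replit verbatim, standalone)
COPY console/ ./console/

# Copy serve orchestrator. A single COPY is sufficient: where this instruction
# sits among the other COPYs does not affect which modules serve.py can import
# at runtime, only that each module is present in /app when the container starts.
COPY serve.py ./serve.py
# Sentra <-> Killinchu cyber bridge (ADDITIVE): /drone-cyber tab + endpoints.
COPY sentra_drone_cyber.py ./sentra_drone_cyber.py
# a11oy.code (ADDITIVE, Doctrine v11 §14): math-corpus + code-proxy for sentra.
COPY szl_math_corpus.py ./szl_math_corpus.py
COPY szl_code_proxy.py ./szl_code_proxy.py

# Anatomy substrate (ADDITIVE): canonical formulas + composer routes.
COPY szl_formulas.py ./szl_formulas.py
COPY szl_anatomy_routes.py ./szl_anatomy_routes.py

# ADDITIVE (Doctrine v10): shared per-app BRAIN + unified LLM router + mesh wires.
COPY szl_brain.py ./szl_brain.py
# ADDITIVE (Doctrine v10/v11): shared agentic-RAG service (organ=immune).
COPY szl_rag.py ./szl_rag.py
COPY szl_wire.py ./szl_wire.py
COPY szl_dsse.py ./szl_dsse.py
COPY szl_provenance.py ./szl_provenance.py
COPY szl_jack.py ./szl_jack.py

# ADDITIVE (Yachay / Live 3D Wires, PURIQ Doctrine v12): COPY the live-wires
# module + host page + scene core so `import szl_live_wires` resolves in-container.
# Without these the register() call in the server silently fails and /live-wires
# falls through to the SPA shell. ADDITIVE ONLY. Sign: Yachay.
COPY szl_live_wires.py ./szl_live_wires.py
COPY live_wires.html ./live_wires.html
COPY live_wires_3d.js ./live_wires_3d.js

# ADDITIVE (Wire I): Rosie-companion module baked into the image. Yachay.
COPY szl_rosie_companion.py ./szl_rosie_companion.py

# HF Space requirement: listen on port 7860. PORT is exported to the running
# container; EXPOSE is documentation only and publishes nothing by itself.
ENV PORT=7860
EXPOSE 7860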

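# ADDITIVE (UNAY + Khipu-LMDB v2, 2026-06-01, Yachay): real durable lmdb persistence
# + optional sqlite-vss vector recall (szl_unay degrades to honest cosine-fallback if
# the extension cannot load in the slim image). Never affects existing routes.
# NOTE(review): lower bound only, no hash check; an exact pin (ideally
# hash-locked) would make this layer reproducible.
RUN pip install --no-cache-dir "lmdb>=1.4.0"
# sqlite-vss removed: no pre-built wheel for python:3.12-slim (P0 CI fix, Dev1 Rumi)
# szl_unay.py has honest fallback to cosine similarity when sqlite-vss .so cannot load
# ADDITIVE (UNAY + Khipu-LMDB v2, 2026-06-01, Yachay / Perplexity Computer Agent):
# explicit per-file COPY (this Dockerfile does not use `COPY . .`). serve.py imports
# szl_unay_routes and calls .register(app, ns="sentra") -> /api/sentra/v2/unay/* +
# /api/sentra/v2/khipu/lmdb/*. Real durable lmdb + real sqlite-vss honest fallback.
COPY szl_unay.py ./szl_unay.py
COPY szl_khipu_lmdb.py ./szl_khipu_lmdb.py
COPY szl_khipu_replicate.py ./szl_khipu_replicate.py
COPY szl_unay_routes.py ./szl_unay_routes.py
# ADDITIVE (Warhacker aliases, Yachay 2026-06-01): top-level /healthz + /khipu/* + /wires/D.
# Per-file COPY (no `COPY . .`) — without this `import szl_warhacker_aliases` fails.
COPY szl_warhacker_aliases.py ./szl_warhacker_aliases.py
# ADDITIVE (3D scene TABS, Yachay 2026-06-02): /threat-globe + /verdict-river as
# Three.js tabs fed by live /api/sentra/v1/{audit-log,gates}. Per-file COPY (no
# `COPY . .`) — without this `import sentra_v4_threat` silently fails and the
# routes fall through to the SPA shell. ADDITIVE; does NOT replace the front or
# the /console/ 8-gate experience. Doctrine v11 LOCKED 749/14/163.
COPY sentra_v4_threat.py ./sentra_v4_threat.py
# serve.py is not copied again here. It is already in the image from the earlier
# `COPY serve.py ./serve.py`, and COPY order has no effect on route registration:
# imports are resolved when the container starts, by which point every module
# listed in this file is in /app. A repeated COPY only adds a layer.
# ADDITIVE (V4 Fleet Panel + operator_shell_v4 fix, 2026-06-02, Dev2 Inti):
# explicit per-file COPY (this Dockerfile does not use COPY . .).
# Signed-off-by: Yachay <yachay@szlholdings.ai>
# Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai>
# operator_shell_v4.py: Unified Operator Shell v4 (was missing — caused HTML bleed-through)
# szl_v4_fleet.py: /api/health + /api/sentra/v4/fleet[/doctrine] + /fleet + /thesis
# web/v4_fleet_panel.html: canonical fleet panel
COPY operator_shell_v4.py ./operator_shell_v4.py
COPY szl_v4_fleet.py ./szl_v4_fleet.py
COPY web/v4_fleet_panel.html ./web/v4_fleet_panel.html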


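# Drop root before starting the server. Every instruction above runs as root
# (the image default), but the service only needs to read /app and listen on
# the unprivileged port 7860. UID 1000 is the user Hugging Face Docker Spaces
# run containers as. /app is handed to that user so files the server creates
# under its working directory keep working.
# NOTE(review): if serve.py or its modules write outside /app or $HOME, grant
# those paths explicitly rather than reverting to root.
RUN useradd --create-home --uid 1000 sentra \
    && chown -R sentra:sentra /app
USER 1000

# Exec form: python runs as PID 1 and receives stop signals directly.
CMD ["python", "serve.py"]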
