# Dockerfile.stage — Stage build: landing server + soul-demo in one image.
#
# Both processes run in the same container:
#   - neuron-web  on port 8080 (landing page server)
#   - soul-demo   on port 7772 (demo chat, localhost only)
#
# bootstrap.py is no longer in the build path. The host-side build-stage.sh
# pre-compiles src/*.el → dist/main.c using the canonical native elc and
# applies the stub forward-declaration sed before this Dockerfile runs.
# The image just compiles the finished C source.

# ── Stage 1: compile both binaries ────────────────────────────────────────────
FROM debian:bookworm-slim AS builder

RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        build-essential \
        libcurl4-openssl-dev \
        libssl-dev \
        ca-certificates \
 && rm -rf /var/lib/apt/lists/*

WORKDIR /build

# El runtime (shared by both binaries)
COPY runtime/el_runtime.c runtime/el_runtime.h ./

# Pre-compile el_runtime as a separate cached layer.
# el_runtime.c changes rarely; main.c changes every run.
# Splitting this out means el_runtime.o is cached across builds when only main.c changes.
RUN cc -O2 -c el_runtime.c -I. -o el_runtime.o

# ── Build neuron-web ──────────────────────────────────────────────────────────
#
# main.c was generated on the host by build-stage.sh from src/*.el via the
# native elc compiler. Stub forward-declarations were already injected on
# the host side, so this stage is a straight cc invocation.
COPY dist/web_stubs.c ./
COPY dist/main.c ./

RUN cc -O2 -rdynamic \
       -o neuron-web \
       main.c web_stubs.c el_runtime.o \
       -lcurl -lpthread -ldl -lm -lssl -lcrypto

# ── Build soul-demo ───────────────────────────────────────────────────────────
COPY dist/soul-demo.c ./
COPY dist/vessel_stubs.c ./

RUN cc -O2 -rdynamic \
       -o soul-demo \
       soul-demo.c vessel_stubs.c el_runtime.o \
       -lcurl -lpthread -ldl -lm -lssl -lcrypto

# ── Stage 2: runtime image ────────────────────────────────────────────────────
FROM debian:bookworm-slim

RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        libcurl4 \
        libssl3 \
        ca-certificates \
 && rm -rf /var/lib/apt/lists/* \
 && groupadd -r landing && useradd -r -g landing landing \
 && mkdir -p /srv/landing/assets /srv/landing/js /srv/landing/shares \
 && mkdir -p /srv/soul/engram-demo \
 && chown -R landing:landing /srv/landing /srv/soul

COPY --from=builder /build/neuron-web /usr/local/bin/neuron-web
COPY --from=builder /build/soul-demo  /usr/local/bin/soul-demo

# Engram snapshot — baked in so soul has memory from cold start
COPY dist/engram-snapshot.json /srv/soul/engram-demo/snapshot.json

COPY src/assets /srv/landing/assets
COPY dist/js    /srv/landing/js
COPY src/llms.txt /srv/landing/llms.txt
# Pre-rendered HTML shells (about, terms, enterprise-terms, index) used as
# fallback when the El page-builder hasn't been seeded yet at startup.
# chown to the landing user so the El runtime's fs_write at startup can
# rewrite them with the freshly-rendered page (extracted JS asset paths,
# updated chat widget, etc.). Without this they stay as their COPY'd root-
# owned shells and the served HTML never reflects post-COPY source edits.
COPY src/about.html src/terms.html src/enterprise-terms.html src/index.html /srv/landing/
RUN chown landing:landing /srv/landing/about.html /srv/landing/terms.html /srv/landing/enterprise-terms.html /srv/landing/index.html /srv/landing/llms.txt

COPY dist/entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh

ENV LANDING_ROOT=/srv/landing
ENV PORT=8080
ENV NEURON_HOME=/srv/soul/engram-demo
ENV NEURON_PORT=7772

USER landing
EXPOSE 8080

CMD ["/usr/local/bin/entrypoint.sh"]