# Dockerfile.stage — Stage build: landing server + soul-demo in one image.
#
# Both processes run in the same container:
#   - neuron-web  on port 8080 (landing page server)
#   - soul-demo   on port 7772 (demo chat, localhost only)
#
# neuron-web is built by `elb build` in CI (not here). elb compiles each
# .el source independently and links the result — no combined mega-file,
# no exponential memory growth. The binary lands at dist/neuron-landing
# (linux/amd64) and is COPY'd directly into the runtime image.
#
# soul-demo.c is pre-committed (small, no OOM risk) and compiled here.

# ── Stage 1: compile soul-demo ────────────────────────────────────────────────
FROM debian:bookworm-slim AS builder

RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        build-essential \
        libcurl4-openssl-dev \
        libssl-dev \
        ca-certificates \
 && rm -rf /var/lib/apt/lists/*

WORKDIR /build

COPY runtime/el_runtime.c runtime/el_runtime.h ./
RUN cc -O2 -c el_runtime.c -I. -o el_runtime.o

COPY dist/soul-demo.c dist/vessel_stubs.c ./

RUN cc -O2 -rdynamic \
       -o soul-demo \
       soul-demo.c vessel_stubs.c el_runtime.o \
       -lcurl -lpthread -ldl -lm -lssl -lcrypto

# ── Stage 2: runtime image ────────────────────────────────────────────────────
FROM debian:bookworm-slim

RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        libcurl4 \
        libssl3 \
        ca-certificates \
 && rm -rf /var/lib/apt/lists/* \
 && groupadd -r landing && useradd -r -g landing landing \
 && mkdir -p /srv/landing/assets /srv/landing/js /srv/landing/shares \
 && mkdir -p /srv/soul/engram-demo \
 && chown -R landing:landing /srv/landing /srv/soul

# neuron-web binary — produced by `elb build` in CI (linux/amd64)
COPY dist/neuron-landing /usr/local/bin/neuron-web
RUN chmod +x /usr/local/bin/neuron-web

COPY --from=builder /build/soul-demo /usr/local/bin/soul-demo

# Engram snapshot — baked in so soul has memory from cold start
COPY dist/engram-snapshot.json /srv/soul/engram-demo/snapshot.json

COPY src/assets /srv/landing/assets
COPY dist/js    /srv/landing/js
COPY src/llms.txt /srv/landing/llms.txt
# Pre-rendered HTML shells (about, terms, enterprise-terms, index) used as
# fallback when the El page-builder hasn't been seeded yet at startup.
# chown to the landing user so the El runtime's fs_write at startup can
# rewrite them with the freshly-rendered page (extracted JS asset paths,
# updated chat widget, etc.). Without this they stay as their COPY'd root-
# owned shells and the served HTML never reflects post-COPY source edits.
COPY src/about.html src/terms.html src/enterprise-terms.html src/index.html /srv/landing/
RUN chown landing:landing /srv/landing/about.html /srv/landing/terms.html /srv/landing/enterprise-terms.html /srv/landing/index.html /srv/landing/llms.txt

COPY dist/entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh

ENV LANDING_ROOT=/srv/landing
ENV PORT=8080
ENV NEURON_HOME=/srv/soul/engram-demo
ENV NEURON_PORT=7772

USER landing
EXPOSE 8080

CMD ["/usr/local/bin/entrypoint.sh"]