services:
  project-agent:
    build: .
    container_name: project-agent
    restart: unless-stopped

    env_file:
      - .env

    environment:
      TZ: Europe/Moscow
      AGENT_REPOS_DIR: /repos
      AGENT_STATE_DIR: /state
      AGENT_LOG_DIR: /logs
      AGENT_ALLOW_GIT_PUSH: "false"
      AGENT_ALLOW_DELETE: "false"
      AGENT_ALLOW_JENKINS_BUILD: "false"

    volumes:
      - ./app:/app
      - ./repos:/repos
      - ./state:/state
      - ./logs:/logs
      - ./ssh:/home/agent/.ssh

    ports:
      - "127.0.0.1:8787:8787"

    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - ai-internal
    cap_drop:
      - NET_RAW
      - NET_ADMIN

    security_opt:
      - no-new-privileges:true

    user: "1000:1000"
    working_dir: /app

    command: ["uvicorn", "project_agent.server:app", "--host", "0.0.0.0", "--port", "8787"]
networks:
  ai-internal:
    external: true