# psyc platform image — cockpit + CLI + workers. No GPU, no model.
# (The fine-tuned model runs separately; see Dockerfile.train + serve_model.py.)
#
# Build:  docker build -t psyc:latest .
# Run:    docker compose up -d
#
# psyc has NO built-in authentication — deploy behind the company reverse
# proxy / SSO / VPN, or firewall the ports to the SOC subnet. See docs/deploy.md.

FROM python:3.12-slim

ENV PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    PSYC_DATA_DIR=/data

WORKDIR /app
COPY pyproject.toml ./
COPY src/ ./src/
RUN pip install .

VOLUME /data
EXPOSE 8767 8770

# Default service is the cockpit; docker-compose overrides the command for mock-cert.
CMD ["psyc", "serve", "--host", "0.0.0.0", "--port", "8767"]
