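---
# AgentOS production deployment
#
# Usage:
#   docker compose -f deploy/docker-compose.yml up
#   docker compose -f deploy/docker-compose.yml --profile redis up   # with Redis
#
# Requires:
#   - organism.yaml mounted at /config/organism.yaml
#   - API keys passed as environment variables
#
# Exposure summary:
#   - 8080 (agent bus) is published on all host interfaces.
#   - 9090 (management plane) and 6379 (Redis) are published on loopback only.

services:
  organism:
    build:
      context: ..
      dockerfile: Dockerfile
    container_name: agentos
    restart: unless-stopped
    ports:
      # Agent bus (public-facing). Docker-published ports are inserted ahead of
      # most host firewall rules, so restrict access upstream if needed.
      - "8080:8080"
      # Management plane: loopback only, so it is not reachable from the
      # network. Reach it through an SSH tunnel or an authenticating proxy.
      - "127.0.0.1:9090:9090"
    volumes:
      # Configuration is mounted read-only; the container cannot rewrite it.
      - ./organism.yaml:/config/organism.yaml:ro
      - organism-data:/data
    environment:
      - ORGANISM_MODE=container
      - AGENT_PORT=8080
      - MANAGEMENT_PORT=9090
    # API keys are loaded from deploy/.env. The build context is the parent
    # directory, so this file sits inside it: keep it out of version control
    # and list it in .dockerignore so it cannot be copied into an image layer.
    env_file:
      - .env

    # Security hardening
    # NOTE(review): cap_drop does not change the process user; confirm the
    # Dockerfile sets a non-root USER.
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    # Root filesystem is immutable; only /data (volume) and /tmp are writable.
    read_only: true
    tmpfs:
      - /tmp:size=64M

    # Resource limits
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: "2.0"
        reservations:
          memory: 512M
          cpus: "0.5"

    healthcheck:
      # Probes the agent bus from inside the container; the port must match
      # AGENT_PORT above.
      test:
        - CMD
        - python
        - "-c"
        - "import urllib.request; urllib.request.urlopen('http://localhost:8080/health')"
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 15s

  # Optional: Redis for distributed key-value store
  # Started only when the "redis" profile is enabled.
  redis:
    # Tag is mutable; for reproducible deployments pin by digest
    # (redis:7-alpine@sha256:<digest-placeholder>).
    image: redis:7-alpine
    container_name: agentos-redis
    restart: unless-stopped
    profiles: ["redis"]
    ports:
      # No Redis authentication is configured in this file, so the port is
      # published on loopback only. Containers in this project can reach it
      # over the compose network as redis:6379 without any published port.
      - "127.0.0.1:6379:6379"
    volumes:
      - redis-data:/data
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    # presumably needed so the image entrypoint can switch from root to the
    # redis user; verify against the image before removing.
    cap_add:
      - SETUID
      - SETGID
    read_only: true
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 3

volumes:
  organism-data: {}
  redis-data: {}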