# syntax=docker/dockerfile:1
# Hermes Agent with Chromium -- local browser tool support
# Based on python:3.11-slim for minimal footprint.
# Chromium installed via apt-get for system-level browser automation.
#
# Build:
#   docker build -t hermes-agent:chromium .
#
# Environment variables:
#   CHROME_EXECUTABLE  -- path to the Chromium binary

# ---------- Base image ----------
FROM python:3.11-slim

ENV DEBIAN_FRONTEND=noninteractive
ENV PYTHONUNBUFFERED=1

# ---------- System dependencies for Chromium ----------
# The minimum set required to run headless Chromium on Linux.
# python:3.11-slim is Debian Bookworm (12) -- package names without t64 suffix.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        # Chromium and its launcher
        chromium \
        chromium-common \
        chromium-sandbox \
        # Font rendering for proper page rendering
        fonts-liberation \
        fonts-noto-color-emoji \
        fonts-dejavu-core \
        # System libraries required by Chromium at runtime
        libnss3 \
        libnspr4 \
        libatk1.0-0 \
        libatk-bridge2.0-0 \
        libcups2 \
        libdrm2 \
        libxdamage1 \
        libxfixes3 \
        libxcomposite1 \
        libxrandr2 \
        libgbm1 \
        libpango-1.0-0 \
        libcairo2 \
        libasound2 \
        libxkbcommon0 \
        libxshmfence1 \
        # Virtual framebuffer for headless operation
        xvfb \
        # Process supervisor for orphan reaping
        tini \
        # Git for Hermes source operations
        git \
        # SSL certificates for HTTPS connections
        ca-certificates \
        # Curl for health checks
        curl \
    && rm -rf /var/lib/apt/lists/*

# ---------- Hermes Agent installation ----------
# Install uv (fast Python package manager)
COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uvx /usr/local/bin/uvx

# Create hermes user (non-root runtime)
RUN useradd -u 10000 -m -d /opt/data hermes

# Install Hermes Agent from PyPI with gateway support for messaging
RUN uv pip install --system --no-cache-dir \
        'hermes-agent[gateway]' \
        croniter && \
    uv cache clean

# Create the /opt/hermes directory structure expected by entrypoint
RUN mkdir -p /opt/hermes/.venv/bin && \
    mkdir -p /opt/hermes/docker && \
    ln -sf /usr/local/bin/uv /opt/hermes/.venv/bin/uv && \
    ln -sf /usr/local/bin/uvx /opt/hermes/.venv/bin/uvx

# ---------- Entrypoint script ----------
COPY entrypoint.sh /opt/hermes/docker/entrypoint.sh
RUN chmod +x /opt/hermes/docker/entrypoint.sh

# ---------- Environment variables ----------
# Point browser tool to system Chromium (installed via apt-get)
ENV CHROME_EXECUTABLE=/usr/bin/chromium

# Hermes paths
ENV HERMES_HOME=/opt/data
ENV PATH="/opt/data/.local/bin:${PATH}"

# Playwright browsers path (for agent-browser install at runtime)
ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright

# Virtual framebuffer display for headless Chromium
ENV DISPLAY=:99

# ---------- Data volume ----------
VOLUME [ "/opt/data" ]

# ---------- Runtime ----------
USER hermes
WORKDIR /opt/data

ENTRYPOINT [ "/opt/hermes/docker/entrypoint.sh" ]
CMD [ "gateway", "run" ]