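# Docker Compose stack for the Aegis Gitea MCP server.
#
# Builds the image from docker/Dockerfile (build context is the parent
# directory), publishes the MCP HTTP port, persists audit logs in a named
# volume and attaches the container to a dedicated bridge network.
version: '3.8'

services:
  aegis-mcp:
    build:
      context: ..
      dockerfile: docker/Dockerfile
    container_name: aegis-gitea-mcp
    restart: unless-stopped

    environment:
      # Gitea configuration (REQUIRED)
      # Compose substitutes an empty string (with a warning) when these are
      # unset; `${GITEA_TOKEN:?message}` would make Compose fail instead.
      # The token is passed as a plain environment variable, so it is
      # readable through `docker inspect` by anyone with access to the Docker
      # daemon. Give it only the Gitea permissions the server needs.
      GITEA_URL: "${GITEA_URL}"
      GITEA_TOKEN: "${GITEA_TOKEN}"

      # MCP server configuration
      # 0.0.0.0 is the bind address inside the container; host exposure is
      # decided by the `ports` entry below.
      MCP_HOST: "${MCP_HOST:-0.0.0.0}"
      # Pinned to 8080 inside the container: the port mapping and the
      # healthcheck below both target 8080, so forwarding the host's MCP_PORT
      # here would leave them pointing at a port nothing listens on
      # (assuming the server binds to MCP_PORT; confirm against the app).
      # The host's MCP_PORT now selects the published host port only.
      MCP_PORT: "8080"

      # Logging configuration
      LOG_LEVEL: "${LOG_LEVEL:-INFO}"
      AUDIT_LOG_PATH: "${AUDIT_LOG_PATH:-/var/log/aegis-mcp/audit.log}"

      # Security configuration
      MAX_FILE_SIZE_BYTES: "${MAX_FILE_SIZE_BYTES:-1048576}"
      REQUEST_TIMEOUT_SECONDS: "${REQUEST_TIMEOUT_SECONDS:-30}"
      RATE_LIMIT_PER_MINUTE: "${RATE_LIMIT_PER_MINUTE:-60}"

    ports:
      # Published on every host interface. Prefix the mapping with
      # `127.0.0.1:` to keep the server reachable from this host only.
      - "${MCP_PORT:-8080}:8080"

    volumes:
      # Persist audit logs
      - aegis-mcp-logs:/var/log/aegis-mcp
      # Optional: mount config file
      # - ./.env:/app/.env:ro

    networks:
      - aegis-network

    # Security options
    security_opt:
      # Stops processes in the container from gaining privileges through
      # setuid/setgid binaries.
      - no-new-privileges:true

    # Resource limits
    # NOTE(review): `deploy.resources` is applied by Docker Compose v2 and
    # Swarm; legacy docker-compose v1 ignores it unless run with
    # --compatibility. Confirm for the target runtime.
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M

    healthcheck:
      # httpx.get() raises only on connection errors; raise_for_status()
      # makes a 4xx/5xx answer from /health count as unhealthy as well.
      test:
        - "CMD"
        - "python"
        - "-c"
        - "import httpx; httpx.get('http://localhost:8080/health').raise_for_status()"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

volumes:
  aegis-mcp-logs:
    driver: local

networks:
  aegis-network:
    driver: bridge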