# Base image: Node.js 22.16 on Alpine 3.21.
# TODO: pin this image by digest (node:22.16-alpine3.21@sha256:<digest-placeholder>).
# A tag alone is mutable, so a rebuild can pick up different image contents without
# any change to this file.
FROM node:22.16-alpine3.21

# Runtime configuration defaults; each value can be overridden when the container starts.
# LUNAR_API_KEY is intentionally empty here and must be supplied at run time: anything
# assigned with ENV is stored in the image configuration and is readable by whoever can
# pull or inspect the image.
# NOTE(review): the WEBSERVER_URL default is plain HTTP to the Docker host; confirm it is
# only intended for local development.
ENV LOG_LEVEL="info" \
    LUNAR_CONSUMER_TAG="anonymous" \
    LUNAR_URL="" \
    LUNAR_API_KEY="" \
    WEBSERVER_URL="http://host.docker.internal:9001"

# Comma-separated list of domains that are exempt from interception, so that loading
# MCP servers (package mirrors, registries) is not intercepted.
# Traffic to these destinations is not seen by the interception layer, so keep the list
# as short as the installers actually require.
# NOTE(review): whether an entry matches exactly or as a suffix is decided by the
# interception scripts, which are not part of this file.
ENV EXCLUDED_DESTINATIONS="dl-cdn.alpinelinux.org,deb.debian.org,security.debian.org,registry.npmjs.org,auth.docker.io,registry-1.docker.io,production.cloudflare.docker.com,mcpx-ui,files.pythonhosted.org,pypi.org,archive.ubuntu.com,security.ubuntu.com,mirrors.ubuntu.com,mirrorlist.centos.org,mirror.centos.org,vault.centos.org,cdn.redhat.com,access.redhat.com,mirrors.fedoraproject.org"

# Account names and fixed numeric IDs for the two unprivileged users and the group they
# share. The accounts themselves are created in a later RUN step.
ENV INTERCEPTION_USER=lunar_interception \
    INTERCEPTION_USER_UID=1001 \
    INTERCEPTION_USER_GID=1001 \
    LUNAR_USER=lunar \
    LUNAR_USER_UID=1002 \
    LUNAR_USER_GID=1002 \
    SHARED_GROUP_NAME=lunar_group \
    SHARED_GROUP_GID=1050

# Kept as a separate instruction: ${INTERCEPTION_USER} is expanded from values set by
# earlier instructions, not from assignments made within the same ENV.
ENV MITM_PROXY_CONF_DIR=/home/${INTERCEPTION_USER}/.proxy

# OS packages for the runtime image (alphabetical, one per line, to keep diffs small).
# None of them is version-pinned, so the installed versions are whatever the Alpine 3.21
# repositories serve at build time.
# NOTE(review): ipset, iptables, libcap, mitmproxy and su-exec are presumably used by
# entrypoint.sh for the interception setup and privilege drop; confirm against that script.
# NOTE(review): confirm the docker package is required at run time. Access to a Docker
# daemon from inside the container is effectively root on that daemon's host.
RUN apk add --no-cache \
    ca-certificates \
    curl \
    docker \
    ipset \
    iptables \
    libcap \
    mitmproxy \
    procps \
    python3 \
    su-exec \
    uv
    
WORKDIR /mcpx

# Root manifest and lockfile of the repository.
COPY package.json package-lock.json ./

# MCPX server: manifest, TypeScript config and sources.
COPY packages/mcpx-server/package.json packages/mcpx-server/tsconfig.json packages/mcpx-server/
COPY packages/mcpx-server/src packages/mcpx-server/src

# Internal packages the server depends on. These are whole-directory copies.
# NOTE(review): confirm a .dockerignore keeps node_modules, build output and local
# .env files out of the build context.
COPY packages/shared-model packages/shared-model
COPY packages/toolkit-core packages/toolkit-core

# Interception: container entrypoint and the selective addon script.
# Both files are copied as root-owned.
COPY packages/mcpx-server/interception-setup/scripts/entrypoint.sh /usr/local/bin/entrypoint.sh
COPY packages/mcpx-server/interception-setup/scripts/lunar_selective_addon.py /opt/lunar_selective_addon.py

# Install dependencies from /mcpx, then run the root package's build:deps script.
# NOTE(review): `npm install` may resolve versions that differ from package-lock.json,
# and dependency lifecycle scripts run with root privileges in the build container.
# Consider `npm ci` once the lockfile is confirmed to be in sync with the package.json
# files that are copied into the image.
# NOTE(review): build:deps is defined in the root package.json (not shown here);
# presumably it builds shared-model and toolkit-core.
RUN npm install
RUN npm run build:deps 

# Install and build the server package itself.
# NOTE(review): no lockfile is copied into packages/mcpx-server; confirm this second
# install resolves against the root package-lock.json rather than floating versions.
WORKDIR /mcpx/packages/mcpx-server
RUN npm install
RUN npm run build

# Make the entrypoint executable regardless of the mode it has in the build context.
RUN chmod +x /usr/local/bin/entrypoint.sh

# Create the unprivileged accounts and the directories they own.
#   - three system groups with fixed GIDs: one per user plus the shared group
#   - two system users with fixed UIDs, no password (-D), /sbin/nologin as shell
#   - both users are added to the shared group as a secondary group
#   - home directories are chowned to their user; ${MITM_PROXY_CONF_DIR} lives under
#     the interception user's home, so the recursive chown of that home covers it
#   - /var/log/${LUNAR_USER} is owned by root with the shared group as group owner
# NOTE(review): no chmod is applied to /var/log/${LUNAR_USER}. With the usual build
# umask the directory would not be group-writable; confirm where members of the shared
# group are granted write access, or that only root writes there.
RUN \
    addgroup -g ${LUNAR_USER_GID} -S ${LUNAR_USER} && \
    addgroup -g ${INTERCEPTION_USER_GID} -S ${INTERCEPTION_USER} && \
    addgroup -g ${SHARED_GROUP_GID} -S ${SHARED_GROUP_NAME} && \
    adduser -u ${LUNAR_USER_UID} -S -D -G ${LUNAR_USER} -h /home/${LUNAR_USER} -s /sbin/nologin ${LUNAR_USER} && \
    adduser -u ${INTERCEPTION_USER_UID} -S -D -G ${INTERCEPTION_USER} -h /home/${INTERCEPTION_USER} -s /sbin/nologin ${INTERCEPTION_USER} && \
    addgroup ${LUNAR_USER} ${SHARED_GROUP_NAME} && \
    addgroup ${INTERCEPTION_USER} ${SHARED_GROUP_NAME}  && \
    mkdir -p /home/${LUNAR_USER} && \
    mkdir -p /home/${INTERCEPTION_USER} && \
    mkdir -p ${MITM_PROXY_CONF_DIR} && \
    mkdir -p /var/log/${LUNAR_USER} && \
    chown -R ${LUNAR_USER}:${LUNAR_USER} /home/${LUNAR_USER} && \
    chown -R ${INTERCEPTION_USER}:${INTERCEPTION_USER} /home/${INTERCEPTION_USER} &&  \
    chown -R root:${SHARED_GROUP_NAME} /var/log/${LUNAR_USER}

# Documents the port the service is reached on; EXPOSE does not publish it.
EXPOSE 9000

# No USER instruction is set, so the entrypoint script starts as root.
# NOTE(review): su-exec is installed, which suggests entrypoint.sh drops to the
# unprivileged accounts itself. Confirm that the process started by `npm run serve`
# does not keep running as root.
# CMD is passed to the entrypoint script as its arguments.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["npm", "run", "serve"]
