# =============================================================================
# AASRT - AI Agent Security Reconnaissance Tool
# Docker Compose Configuration for Production Deployment
# =============================================================================
#
# Usage:
#   docker-compose up -d              # Start all services
#   docker-compose up -d aasrt        # Start only AASRT (SQLite mode)
#   docker-compose logs -f aasrt      # View logs
#   docker-compose down               # Stop all services
#
# Environment:
#   Copy .env.example to .env and configure your settings before starting.
#
# =============================================================================

services:
  # ---------------------------------------------------------------------------
  # AASRT Web Application (Streamlit)
  # ---------------------------------------------------------------------------
  aasrt:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: aasrt-web
    restart: unless-stopped
    ports:
      - "${STREAMLIT_SERVER_PORT:-8501}:8501"
    environment:
      # Shodan API (Required)
      - SHODAN_API_KEY=${SHODAN_API_KEY}
      # Application settings
      - AASRT_ENVIRONMENT=${AASRT_ENVIRONMENT:-production}
      - AASRT_LOG_LEVEL=${AASRT_LOG_LEVEL:-INFO}
      - AASRT_DEBUG=${AASRT_DEBUG:-false}
      # Rate limiting
      - AASRT_MAX_SCANS_PER_HOUR=${AASRT_MAX_SCANS_PER_HOUR:-10}
      - AASRT_SCAN_COOLDOWN=${AASRT_SCAN_COOLDOWN:-30}
      # Database (use PostgreSQL in production)
      - DB_TYPE=${DB_TYPE:-sqlite}
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_NAME=${DB_NAME:-aasrt}
      - DB_USER=${DB_USER:-aasrt}
      - DB_PASSWORD=${DB_PASSWORD}
      # ClawSec integration
      - CLAWSEC_ENABLED=${CLAWSEC_ENABLED:-false}
      - CLAWSEC_API_KEY=${CLAWSEC_API_KEY:-}
    volumes:
      # Persist data
      - aasrt-data:/app/data
      - aasrt-logs:/app/logs
      - aasrt-reports:/app/reports
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8501/_stcore/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    networks:
      - aasrt-network

  # ---------------------------------------------------------------------------
  # PostgreSQL Database (Production)
  # ---------------------------------------------------------------------------
  postgres:
    image: postgres:16-alpine
    container_name: aasrt-postgres
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${DB_USER:-aasrt}
      - POSTGRES_PASSWORD=${DB_PASSWORD:?Database password required}
      - POSTGRES_DB=${DB_NAME:-aasrt}
    volumes:
      - postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-aasrt} -d ${DB_NAME:-aasrt}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    networks:
      - aasrt-network
    # Security: Only accessible from internal network
    expose:
      - "5432"

# =============================================================================
# Networks
# =============================================================================
networks:
  aasrt-network:
    driver: bridge

# =============================================================================
# Volumes
# =============================================================================
volumes:
  aasrt-data:
    driver: local
  aasrt-logs:
    driver: local
  aasrt-reports:
    driver: local
  postgres-data:
    driver: local