FROM node:24-trixie@sha256:f072159a6b98a624e09f2c4815fe473217fc019a97524fd593059c8a4ad5a05d

ENV NPM_CONFIG_UPDATE_NOTIFIER=false \
  NPM_CONFIG_LOGLEVEL=warn \
  NODE_ENV=production

RUN apt-get update && \
    apt-get upgrade -y --no-install-recommends ca-certificates && \
    rm -rf /var/lib/apt/lists/* && \
    set -eux; \
    userdel -r node; \
    groupadd -g 1000 opencode; \
    useradd -m -u 1000 -g 1000 -s /usr/bin/bash opencode; \
    npm update -g --no-fund --no-audit && \
    npm install -g --no-fund --no-audit opencode-ai n2-soul@9.0.9 && \
    npm cache clean --force && \
    chown -R 1000:1000 /usr/local/lib/node_modules/n2-soul/

COPY --chmod=755 opencode-attach /usr/local/bin/opencode-attach
COPY --from=registry.k8s.io/kubectl:v1.36.1@sha256:d08f476d04d0e30f426f06bc6ff6c38913aaa4591943046b77e2f74a72d3611c /bin/kubectl /usr/local/bin/kubectl

USER opencode
WORKDIR /home/opencode

RUN opencode --version

ENTRYPOINT ["opencode"]
