FROM node:26-trixie

ENV NPM_CONFIG_UPDATE_NOTIFIER=false \
  NPM_CONFIG_LOGLEVEL=warn \
  NODE_ENV=production

RUN apt-get update && \
    apt-get upgrade -y --no-install-recommends ca-certificates && \
    rm -rf /var/lib/apt/lists/* && \
    set -eux; \
    userdel -r node; \
    groupadd -g 1000 opencode; \
    useradd -m -u 1000 -g 1000 -s /usr/bin/bash opencode; \
    npm update -g --no-fund --no-audit && \
    npm install -g --no-fund --no-audit opencode-ai n2-soul@9.0.9 && \
    npm cache clean --force && \
    chown -R 1000:1000 /usr/local/lib/node_modules/n2-soul/

COPY --chmod=755 opencode-attach /usr/local/bin/opencode-attach
COPY --from=registry.k8s.io/kubectl:v1.36.1 /bin/kubectl /usr/local/bin/kubectl

USER opencode
WORKDIR /home/opencode

RUN opencode --version

ENTRYPOINT ["opencode"]
