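# RAR AUTOPASS gateway — one API container + one worker container, same image,
# same persistent SQLite volume (plan.md sect. 4 + 9). restart: always on both.
#
# CRITICAL: AUTOPASS_CREDS_KEY must be SHARED between api and worker — the API
# encrypts the RAR credentials, the worker decrypts them. Different keys ->
# worker cannot decrypt -> submissions stuck with "creds indisponibile"
# (credentials unavailable). Set it in .env (see .env.example): compose reads it
# automatically. Missing -> compose fails explicitly.
#
# SECURITY: .env then holds the key that protects the stored RAR credentials.
# Keep it out of version control and readable only by the deploying user. The
# key is also passed as a plain environment variable, so anyone who can inspect
# the containers can read it.
services:
  api:
    build: .
    # Binds on all interfaces inside the container. No `ports:` are published in
    # this file, so the API is reachable only on the compose network unless an
    # override file or reverse proxy exposes it.
    command: uvicorn app.main:app --host 0.0.0.0 --port 8010
    volumes:
      - autopass-data:/data
    environment:
      AUTOPASS_DB_PATH: /data/autopass.db
      # NOTE(review): api runs with AUTOPASS_RAR_ENV=prod while the worker below
      # uses test — confirm this split is intentional.
      AUTOPASS_RAR_ENV: prod
      # Romanian time zone for bucketing the today/month counters
      # (SQLite 'localtime', E7).
      TZ: ${TZ:-Europe/Bucharest}
      # `:?` makes compose abort with the message below when the key is unset or
      # empty, instead of starting with no encryption key.
      AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)}
      # NOTE(review): defaults to false, i.e. the API-key requirement is off
      # unless .env enables it. Set it to true before the API is exposed beyond
      # the compose network.
      AUTOPASS_REQUIRE_API_KEY: ${AUTOPASS_REQUIRE_API_KEY:-false}
      # Embeddings (mapping suggestion, Layer 2): the first /mapari request
      # lazy-loads the ~230MB model. Only the API loads it (the worker does
      # not). Default off.
      AUTOPASS_EMBEDDINGS_ENABLED: ${AUTOPASS_EMBEDDINGS_ENABLED:-false}
    restart: always
    healthcheck:
      # Exits 0 only when /healthz answers 200; urlopen raises on HTTP errors
      # and refused connections, which also yields a non-zero exit.
      test: ["CMD", "python", "-c", "import urllib.request,sys; sys.exit(0 if urllib.request.urlopen('http://localhost:8010/healthz').status==200 else 1)"]
      interval: 30s
      timeout: 5s
      retries: 3

  worker:
    build: .
    command: python -m app.worker
    volumes:
      - autopass-data:/data
    environment:
      AUTOPASS_DB_PATH: /data/autopass.db
      AUTOPASS_RAR_ENV: test
      # Must resolve to the same value as in `api` (see the header comment).
      AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)}
      # Send is disabled by default; enable it for the end-to-end test.
      # NOTE(review): this file sets it to "true", so sending is ON for every
      # deployment of this compose file — confirm that is intended.
      AUTOPASS_WORKER_SEND_ENABLED: "true"
    restart: always
    # Short form: only orders startup after `api`; it does not wait for the api
    # healthcheck to pass.
    depends_on:
      - api
    # T6: probe on the heartbeat in the DB — catches a HUNG worker (process
    # alive, stale beat), which restart:always alone does not see. start_period
    # covers boot.
    # WARNING: in plain compose, "unhealthy" only marks the container — it does
    # NOT restart it (restart:always reacts to EXIT). The `autoheal` sidecar
    # below sees the label and actually restarts the worker when the probe fails.
    labels:
      autoheal: "true"
    healthcheck:
      test: ["CMD", "python", "-m", "app.worker.healthcheck"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s

  # Restarts any container marked unhealthy with label autoheal=true (the hung
  # worker). Alternative: Docker Swarm (native restart on unhealthy).
  autoheal:
    # SECURITY: this container is handed the Docker socket (below), so whatever
    # image runs here effectively has root on the host. `:latest` is a mutable
    # tag: a changed upstream image would be pulled and run with that access.
    # Set AUTOHEAL_IMAGE in .env to a digest-pinned reference
    # (willfarrell/autoheal@sha256:<digest you verified>). The default keeps the
    # previous behaviour.
    image: ${AUTOHEAL_IMAGE:-willfarrell/autoheal:latest}
    restart: always
    environment:
      AUTOHEAL_CONTAINER_LABEL: autoheal
    volumes:
      # Full Docker API access. A `:ro` bind mount would not limit API calls
      # over the socket; to reduce exposure, put a socket proxy in front that
      # allows only the container list/restart endpoints autoheal needs.
      - /var/run/docker.sock:/var/run/docker.sock

volumes:
  autopass-data: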