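---
# =============================================
# DeepAudit Docker Compose configuration (Dify style)
# =============================================
#
# Security-relevant points in this file:
#   * Variables without a default (SECRET_KEY, *_API_KEY, GITEA_*) are
#     substituted as empty strings when unset; Compose only prints a warning.
#   * The database password defaults to the well-known value "postgres";
#     set POSTGRES_PASSWORD in .env before any non-local deployment.
#   * Redis is started without authentication in this file.
#   * The backend mounts the host Docker socket (see the backend service).

# Shared environment variables, merged into the backend service via `<<`.
x-shared-env: &shared-env
  # Basic information
  PROJECT_NAME: DeepAudit
  # No default on purpose: supply a long random value through .env.
  # NOTE(review): presumably the token-signing key used with ALGORITHM - confirm.
  SECRET_KEY: "${SECRET_KEY}"
  ALGORITHM: "${ALGORITHM:-HS256}"

  # Database
  POSTGRES_SERVER: "${POSTGRES_SERVER:-db}"
  POSTGRES_USER: "${POSTGRES_USER:-postgres}"
  # Default credential; override it in .env.
  POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-postgres}"
  POSTGRES_DB: "${POSTGRES_DB:-deepaudit}"

  # LLM
  LLM_PROVIDER: "${LLM_PROVIDER:-openai}"
  LLM_MODEL: "${LLM_MODEL:-qwen3-coder-flash}"
  LLM_API_KEY: "${LLM_API_KEY}"
  LLM_BASE_URL: "${LLM_BASE_URL}"
  LLM_TIMEOUT: "${LLM_TIMEOUT:-300}"
  LLM_TEMPERATURE: "${LLM_TEMPERATURE:-0.7}"
  LLM_MAX_TOKENS: "${LLM_MAX_TOKENS:-32768}"
  LLM_CONCURRENCY: "${LLM_CONCURRENCY:-20}"
  LLM_GAP_MS: "${LLM_GAP_MS:-0}"

  # Per-provider LLM settings. These are secrets: keep them in .env (excluded
  # from version control), never inline in this file.
  OPENAI_API_KEY: "${OPENAI_API_KEY}"
  OPENAI_BASE_URL: "${OPENAI_BASE_URL}"
  GEMINI_API_KEY: "${GEMINI_API_KEY}"
  CLAUDE_API_KEY: "${CLAUDE_API_KEY}"
  QWEN_API_KEY: "${QWEN_API_KEY}"
  DEEPSEEK_API_KEY: "${DEEPSEEK_API_KEY}"
  ZHIPU_API_KEY: "${ZHIPU_API_KEY}"
  MOONSHOT_API_KEY: "${MOONSHOT_API_KEY}"
  BAIDU_API_KEY: "${BAIDU_API_KEY}"
  MINIMAX_API_KEY: "${MINIMAX_API_KEY}"
  DOUBAO_API_KEY: "${DOUBAO_API_KEY}"
  OLLAMA_BASE_URL: "${OLLAMA_BASE_URL}"

  # Agent & Redis
  AGENT_ENABLED: "${AGENT_ENABLED:-true}"
  AGENT_MAX_ITERATIONS: "${AGENT_MAX_ITERATIONS:-5}"
  AGENT_TIMEOUT: "${AGENT_TIMEOUT:-1800}"
  # The default URL carries no credentials, matching the unauthenticated
  # redis service defined below.
  REDIS_URL: "${REDIS_URL:-redis://redis:6379/0}"

  # Embedding
  EMBEDDING_PROVIDER: "${EMBEDDING_PROVIDER:-openai}"
  EMBEDDING_MODEL: "${EMBEDDING_MODEL:-text-embedding-v4}"
  EMBEDDING_DIMENSION: "${EMBEDDING_DIMENSION:-1024}"
  EMBEDDING_API_KEY: "${EMBEDDING_API_KEY}"
  EMBEDDING_BASE_URL: "${EMBEDDING_BASE_URL}"

  # Vector database
  VECTOR_DB_TYPE: "${VECTOR_DB_TYPE:-chroma}"
  CHROMA_PERSIST_DIRECTORY: "${CHROMA_PERSIST_DIRECTORY:-./data/chroma}"

  # Gitea
  GITEA_HOST_URL: "${GITEA_HOST_URL}"
  GITEA_TOKEN: "${GITEA_TOKEN}"
  GITEA_BOT_TOKEN: "${GITEA_BOT_TOKEN}"
  # NOTE(review): an empty webhook secret may disable signature verification
  # in the backend - confirm how the application treats an unset value.
  GITEA_WEBHOOK_SECRET: "${GITEA_WEBHOOK_SECRET}"

  # Sandbox resource limits
  SANDBOX_MEMORY_LIMIT: "${SANDBOX_MEMORY_LIMIT:-512m}"
  SANDBOX_CPU_LIMIT: "${SANDBOX_CPU_LIMIT:-1.0}"
  SANDBOX_TIMEOUT: "${SANDBOX_TIMEOUT:-30}"

services:
  # =============================================
  # Core base services
  # =============================================
  db:
    image: postgres:15-alpine
    restart: unless-stopped
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: "${POSTGRES_USER:-postgres}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-postgres}"
      POSTGRES_DB: "${POSTGRES_DB:-deepaudit}"
    ports:
      # Published on loopback by default. The backend reaches the database as
      # db:5432 over deepaudit-network, so the host mapping only serves local
      # tooling. POSTGRES_BIND_ADDR is introduced here; set it to 0.0.0.0 to
      # restore the previous all-interfaces binding (and change the password).
      - "${POSTGRES_BIND_ADDR:-127.0.0.1}:5432:5432"
    healthcheck:
      # Probe with the configured role and database rather than a hard-coded
      # "postgres", so a customised POSTGRES_USER does not fill the server log
      # with failed connection attempts.
      test:
        - "CMD-SHELL"
        - "pg_isready -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-deepaudit}"
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - deepaudit-network

  backend:
    build:
      context: ./backend
    image: code-review:backend
    restart: unless-stopped
    # Lets the container reach the host through host.docker.internal.
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - backend_uploads:/app/uploads
      - chroma_data:/app/data/vector_db
      - ci_workspace:/app/data/ci_workspace
      - ci_vectordb:/app/data/ci_vectordb
      # Required for sandbox execution. Access to this socket is equivalent to
      # root on the host: a compromise of the backend process is a compromise
      # of the Docker daemon. Treat the backend as host-privileged when
      # deciding who may reach port 8000.
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      # Published on all host interfaces.
      - "8000:8000"
    env_file:
      - .env
    environment:
      # Values listed under `environment` take precedence over env_file.
      <<: *shared-env
      # The password is embedded in the URL; characters such as '@', ':' or '/'
      # in POSTGRES_PASSWORD must be percent-encoded or the URL will not parse.
      DATABASE_URL: "postgresql+asyncpg://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-deepaudit}"
      SANDBOX_ENABLED: "${SANDBOX_ENABLED:-true}"
      # NOTE(review): this default differs from the `code-review:sandbox` tag
      # built by the sandbox service below. If no local image has this name,
      # Docker would resolve the mutable `latest` tag from a registry -
      # confirm which image is intended and consider pinning it.
      SANDBOX_IMAGE: "${SANDBOX_IMAGE:-deepaudit/sandbox:latest}"
      OUTPUT_LANGUAGE: "${OUTPUT_LANGUAGE:-zh-CN}"
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - deepaudit-network

  frontend:
    build:
      context: ./frontend
    image: code-review:frontend
    restart: unless-stopped
    volumes:
      # Mounting the build output makes a local `pnpm build` take effect
      # immediately; left disabled because the Dockerfile already COPYs it.
      # - ./frontend/dist:/usr/share/nginx/html:ro
      # nginx configuration, mounted read-only.
      - ./frontend/nginx.conf:/etc/nginx/conf.d/default.conf:ro
    ports:
      # nginx listens on port 80 inside the container.
      - "83:80"
    environment:
      VITE_API_BASE_URL: "${VITE_API_BASE_URL:-/api/v1}"
      VITE_APP_ID: "${VITE_APP_ID:-deepaudit}"
    depends_on:
      - backend
    networks:
      - deepaudit-network

  # =============================================
  # Components required by the Agent service
  # =============================================
  redis:
    image: redis:7-alpine
    restart: unless-stopped
    ports:
      # No password is configured for this instance, so the host mapping is
      # bound to loopback by default. The backend connects as redis:6379 over
      # deepaudit-network. REDIS_BIND_ADDR is introduced here; set it to
      # 0.0.0.0 only together with Redis authentication.
      - "${REDIS_BIND_ADDR:-127.0.0.1}:${REDIS_PORT:-6379}:6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - deepaudit-network

  # Sandbox image build service (required for vulnerability verification).
  # Note: this service exists only to build the image; the container exits
  # as soon as the build has finished.
  sandbox:
    build:
      context: ./docker/sandbox
      dockerfile: Dockerfile
    image: code-review:sandbox
    restart: "no"
    command: echo "Sandbox image built successfully"

networks:
  deepaudit-network:
    driver: bridge
    driver_opts:
      # Name of the bridge interface created on the host.
      com.docker.network.bridge.name: br-deepaudit

volumes:
  postgres_data: {}
  backend_uploads: {}
  chroma_data: {}
  ci_workspace: {}
  ci_vectordb: {}
  redis_data: {}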