name: capakraken

services:
  postgres:
    image: postgres:16-alpine
    ports:
      - "5433:5432"
    environment:
      POSTGRES_DB: capakraken
      POSTGRES_USER: capakraken
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env (any non-empty value for local dev)}
    command: >
      postgres
      -c log_connections=on
      -c log_disconnections=on
      -c log_statement=ddl
      -c log_line_prefix='%t [%p] %u@%d '
      -c log_min_duration_statement=1000
    volumes:
      - capakraken_pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U capakraken -d capakraken"]
      interval: 5s
      timeout: 3s
      retries: 5

  redis:
    image: redis:7-alpine
    ports:
      - "6380:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 5

  mailhog:
    image: mailhog/mailhog
    ports:
      - "1025:1025"   # SMTP
      - "8025:8025"   # HTTP API / Web UI

  pgadmin:
    image: dpage/pgadmin4
    ports:
      - "5050:80"
    environment:
      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_EMAIL:-admin@capakraken.dev}
      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_PASSWORD:?PGADMIN_PASSWORD must be set}
    depends_on:
      postgres:
        condition: service_healthy

  app:
    build:
      context: .
      dockerfile: Dockerfile.dev
    ports:
      - "3100:3100"
    environment:
      # Always use the Docker-internal service name. The host-level DATABASE_URL
      # (localhost:5433) must not bleed into the container where "localhost" is
      # the container itself, not the host.
      DATABASE_URL: postgresql://capakraken:${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}@postgres:5432/capakraken
      REDIS_URL: redis://redis:6379
      NEXTAUTH_URL: ${NEXTAUTH_URL:?NEXTAUTH_URL must be set (e.g. https://your-domain.com)}
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:?set NEXTAUTH_SECRET}
      # Bypass auth + API rate limiters for E2E test runs only.
      # MUST remain "false" in any production or staging deployment.
      # Set E2E_TEST_MODE=true in the host environment before running E2E tests.
      E2E_TEST_MODE: "${E2E_TEST_MODE:-false}"
      # AI provider secrets — forwarded from host .env, not hardcoded
      AZURE_OPENAI_API_KEY: ${AZURE_OPENAI_API_KEY:-}
      OPENAI_API_KEY: ${OPENAI_API_KEY:-}
      GEMINI_API_KEY: ${GEMINI_API_KEY:-}
      # SMTP — inside Docker the app must reach Mailhog via the service name.
      # SMTP_HOST is hardcoded to "mailhog" here; the host .env value (localhost)
      # is only relevant for `pnpm dev` (non-Docker).
      SMTP_HOST: mailhog
      SMTP_PORT: ${SMTP_PORT:-1025}
      SMTP_USER: ${SMTP_USER:-}
      SMTP_FROM: ${SMTP_FROM:-noreply@capakraken.dev}
      SMTP_TLS: ${SMTP_TLS:-false}
      SMTP_PASSWORD: ${SMTP_PASSWORD:-}
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    volumes:
      - .:/app
      # Named volumes mask the bind-mount for generated/installed artefacts.
      # Named (not anonymous) so they can be selectively removed: docker volume rm capakraken_node_modules
      - capakraken_node_modules:/app/node_modules
      - capakraken_next:/app/apps/web/.next
    profiles:
      - full

  postgres-test:
    image: postgres:16-alpine
    ports:
      - "${POSTGRES_TEST_PORT:-5434}:5432"
    environment:
      POSTGRES_DB: capakraken_test
      POSTGRES_USER: capakraken
      POSTGRES_PASSWORD: capakraken_test
    tmpfs:
      - /var/lib/postgresql/data
    profiles:
      - test

volumes:
  capakraken_pgdata:
    name: capakraken_pgdata
  capakraken_node_modules:
    name: capakraken_node_modules
  capakraken_next:
    name: capakraken_next