services:
  # ============================================================
  # Spore Node (FastAPI + koi-net)
  # ============================================================
  spore-node:
    build:
      context: ./node
      dockerfile: Dockerfile
    container_name: spore-node
    restart: unless-stopped
    environment:
      # Infisical
      INFISICAL_CLIENT_ID: ${INFISICAL_CLIENT_ID:?INFISICAL_CLIENT_ID must be set}
      INFISICAL_CLIENT_SECRET: ${INFISICAL_CLIENT_SECRET:?INFISICAL_CLIENT_SECRET must be set}
      INFISICAL_PROJECT_SLUG: spore-commons
      # Database (injected by Infisical, fallback for local dev)
      POSTGRES_HOST: spore-db
      POSTGRES_PORT: 5432
      POSTGRES_USER: spore
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-spore_dev_password}
      POSTGRES_DB: spore_commons
      # Redis
      REDIS_URL: redis://spore-redis:6379
      # Node config
      NODE_NAME: spore-commons
      NODE_PORT: 8351
      # AI (LiteLLM on ai-internal network)
      EMBEDDING_API_URL: http://litellm:4000
    volumes:
      - node_data:/data
    depends_on:
      spore-db:
        condition: service_healthy
      spore-redis:
        condition: service_healthy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.spore-commons.rule=Host(`commons.jeffemmett.com`)"
      - "traefik.http.routers.spore-commons.entrypoints=web"
      - "traefik.http.services.spore-commons.loadbalancer.server.port=8351"
      - "traefik.docker.network=traefik-public"
    networks:
      - spore-internal
      - traefik-public
      - ai-internal

  # ============================================================
  # PostgreSQL with pgvector
  # ============================================================
  spore-db:
    image: pgvector/pgvector:pg16
    container_name: spore-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: spore
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-spore_dev_password}
      POSTGRES_DB: spore_commons
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U spore -d spore_commons"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - spore-internal

  # ============================================================
  # Redis (job queue + federation relay)
  # ============================================================
  spore-redis:
    image: redis:7-alpine
    container_name: spore-redis
    restart: unless-stopped
    command: redis-server --appendonly yes
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - spore-internal

  # ============================================================
  # Spore Site (Quartz — governance knowledge garden)
  # ============================================================
  spore-site:
    build:
      context: ./site
      dockerfile: Dockerfile
    container_name: spore-site
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.spore-site.rule=Host(`spore.jeffemmett.com`)"
      - "traefik.http.routers.spore-site.entrypoints=web"
      - "traefik.http.services.spore-site.loadbalancer.server.port=80"
      - "traefik.docker.network=traefik-public"
    networks:
      - traefik-public

volumes:
  node_data:
  postgres_data:
  redis_data:

networks:
  spore-internal:
    driver: bridge
  traefik-public:
    external: true
  ai-internal:
    external: true