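# ──────────────────────────────────────────────
# SF Docker Sandbox Template
# Base: node:24-bookworm-slim
# Purpose: Isolated environment for SF auto mode
# Usage: docker sandbox create --template ./docker
# ──────────────────────────────────────────────
# NOTE(review): this header used to name docker/sandbox-templates:shell as the
# base; the FROM line below is what is actually built. Confirm which is intended.

# The tag is mutable. For reproducible, auditable builds pin it by digest
# (node:24-bookworm-slim@sha256:<digest>) and bump the digest deliberately.
FROM node:24-bookworm-slim

# System dependencies required by SF.
# gosu is what lets the root entrypoint drop privileges to the sf user.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        gosu \
        openssh-client \
    && rm -rf /var/lib/apt/lists/*

# Install SF globally — version controlled via build arg.
# The default "latest" resolves at build time, so two builds of this file can
# ship different code, and install scripts from whatever is current run as root.
# Pass an exact release (--build-arg SF_VERSION=<x.y.z>) for anything you keep.
ARG SF_VERSION=latest
RUN npm install -g "sf-run@${SF_VERSION}" \
    && npm cache clean --force

# Create non-root user for sandbox isolation.
# The official node images already ship a `node` user and group at UID/GID 1000,
# which makes `groupadd --gid 1000` fail. Remove them first so sf owns those IDs.
RUN if getent passwd node >/dev/null; then userdel --remove node; fi \
    && if getent group node >/dev/null; then groupdel node; fi \
    && groupadd --gid 1000 sf \
    && useradd --uid 1000 --gid sf --shell /bin/bash --create-home sf

# Persistent SF state directory
RUN mkdir -p /home/sf/.sf && chown -R sf:sf /home/sf/.sf

# Workspace directory — synced from host via Docker sandbox
WORKDIR /workspace
RUN chown sf:sf /workspace

# Entrypoint handles UID/GID remapping, bootstrap, and drops to sf user.
# COPY leaves both scripts owned by root. Mode 0755 is set explicitly rather
# than `chmod +x`, so a group- or world-writable bit from the build context
# cannot let the sf user rewrite a script that root executes at start-up.
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
COPY bootstrap.sh /usr/local/bin/bootstrap.sh
RUN chmod 0755 /usr/local/bin/entrypoint.sh /usr/local/bin/bootstrap.sh

# Expose default SF web UI port (documentation only; it publishes nothing)
EXPOSE 3000

# No USER directive on purpose: the entrypoint has to start as root to remap
# UID/GID before dropping to sf.
# NOTE(review): entrypoint.sh is not visible here — confirm it always hands off
# with `exec gosu sf ...` and that no path leaves the workload running as root.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["sf", "--help"]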