Document_Query / Dockerfile
Use built-in node user (uid 1000) instead of useradd
05d70a0
# syntax=docker/dockerfile:1
# Hugging Face Space (Docker SDK) image for the Next.js Query Bot.
# Multi-stage build producing a small standalone runtime that listens on :7860.
# Shared base for every stage below. `node:22-slim` is a floating tag, so the
# image it resolves to can change between builds; pin it by digest
# (node:22-slim@sha256:<digest>) if the build must be reproducible.
FROM node:22-slim AS base
# Set once here so every stage that starts FROM base inherits it, at build
# time and at runtime.
ENV NEXT_TELEMETRY_DISABLED=1
# --- Install dependencies (cached on lockfile changes) ----------------------
FROM base AS deps
WORKDIR /app
# Only the manifest and lockfile are copied, so this layer is rebuilt when one
# of them changes, not on every source edit.
COPY package.json package-lock.json ./
# `npm ci` installs what package-lock.json records and fails if the lockfile
# disagrees with package.json. NODE_ENV is not set to production in this
# stage, so devDependencies are installed as well; the builder stage copies
# this node_modules tree for `npm run build`.
# npm runs package install scripts by default, so treat lockfile changes as
# code changes when reviewing.
RUN npm ci
# --- Build the Next.js app --------------------------------------------------
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
# Copies the entire build context on top of the node_modules taken from deps.
# NOTE(review): no .dockerignore is visible from this file. Confirm one
# excludes .env*, node_modules, .git and .next; otherwise local secret files
# or a host node_modules tree land in this stage and may reach the build
# output that the runner stage copies.
COPY . .
# COHERE_API_KEY / BLOB_READ_WRITE_TOKEN are read at runtime, not build time,
# so the build needs no secrets.
# Keep it that way: do not add them here as ARG or ENV (both are recorded in
# image metadata); provide them to the running container as secrets.
RUN npm run build
# --- Production runtime ------------------------------------------------------
FROM base AS runner
WORKDIR /app

# Runtime configuration. Hugging Face Spaces expect the app on port 7860,
# bound to all interfaces (0.0.0.0).
ENV NODE_ENV=production \
    PORT=7860 \
    HOSTNAME=0.0.0.0

# Ownership goes to the non-root `node` account that the node:22 image already
# provides (uid 1000, the uid Hugging Face expects), so no extra user is made.
# Only public/, the standalone server bundle and its static assets are copied
# from the builder; sources and the full node_modules tree stay behind.
# NOTE(review): these files are owned by the runtime user, so the server
# process can rewrite its own code. Confirm that is needed before keeping it.
COPY --from=builder --chown=node:node /app/public ./public
COPY --from=builder --chown=node:node /app/.next/standalone ./
COPY --from=builder --chown=node:node /app/.next/static ./.next/static

# Writable knowledge-base directory for the local fallback store (used when no
# Vercel Blob token is configured). A Space's filesystem is ephemeral unless
# persistent storage is attached, so uploads are lost on rebuild/restart.
RUN mkdir -p /app/data \
    && chown -R node:node /app/data

EXPOSE 7860

# Drop root before the server starts; exec-form CMD runs node directly.
USER node
CMD ["node", "server.js"]