services:
  maestro:
    build:
      context: .
      dockerfile: Dockerfile
    image: maestro:latest
    container_name: maestro
    restart: unless-stopped
    # Headed Chromium (display_mode: novnc) crashes with Docker's default 64MB
    # /dev/shm. Give it room so the Browser tab / InteractiveBrowse / CAPTCHA
    # pool work. Harmless when display_mode is headless.
    shm_size: "1gb"
    ports:
      # Auth is optional, so keep the default deployment local-only.
      - "127.0.0.1:9876:9876"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    env_file:
      - .env
    environment:
      - NODE_ENV=production
      - PORT=9876
      - DB_PATH=/app/data/maestro.db
      - WORKTREE_DIR=/workspaces
    volumes:
      # アプリの状態 (DB / users / skills / secrets) を永続化。
      # アプリは WORKDIR /app からの相対 ./data に書くので /app/data にマウントする。
      - maestro-data:/app/data
      # エージェントワークスペース永続化
      - maestro-workspaces:/workspaces
      # config.yaml をホストから永続化したい場合は bind-mount (書き込み可)。
      # Settings UI / npm run setup で書き換えるなら :ro は付けないこと。
      # - ./config.yaml:/app/config.yaml
    healthcheck:
      test: ["CMD", "node", "-e", "fetch('http://localhost:9876/health').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

volumes:
  maestro-data:
    driver: local
  maestro-workspaces:
    driver: local