# Production override — use with:
#   docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d --build
#
# What this changes from the base (dev) config:
#   - Disables the Docker nginx container (host nginx handles routing + SSL)
#   - Backend: production Dockerfile (compiled JS, no watch, no devDeps)
#   - Frontend: production Dockerfile (static build served by nginx on port 3001)
#   - Backend + Frontend bound to 127.0.0.1 only (host nginx proxies to them)
#   - No source-code volume mounts (uses baked-in built code)
#   - Memory limits and health checks on backend
#   - Tuned PostgreSQL for production workloads
#   - Restart policies for reliability
#
# SSL/TLS and request routing are handled by the host-level nginx.
# See nginx/host-production.conf for a ready-to-use reference config.

services:
  nginx:
    # Disabled in production — host nginx handles routing + SSL directly.
    # The dev-only Docker nginx is still used by the base docker-compose.yml.
    deploy:
      replicas: 0

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile          # production Dockerfile (compiled JS)
    ports:
      - "127.0.0.1:3000:3000"        # loopback only — host nginx proxies here
    volumes: []                        # override: no source mounts in prod
    environment:
      - DATABASE_URL=${DATABASE_URL}
      - REDIS_URL=${REDIS_URL}
      - JWT_SECRET=${JWT_SECRET}
      - NODE_ENV=production
      - AI_API_URL=${AI_API_URL}
      - AI_API_KEY=${AI_API_KEY}
      - AI_MODEL=${AI_MODEL}
      - AI_DEBUG=${AI_DEBUG:-false}
      - NEW_RELIC_ENABLED=${NEW_RELIC_ENABLED:-false}
      - NEW_RELIC_LICENSE_KEY=${NEW_RELIC_LICENSE_KEY:-}
      - NEW_RELIC_APP_NAME=${NEW_RELIC_APP_NAME:-HOALedgerIQ_App}
    deploy:
      resources:
        limits:
          memory: 1024M
        reservations:
          memory: 256M
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:3000/api || exit 1"]
      interval: 15s
      timeout: 5s
      retries: 3
      start_period: 30s
    restart: unless-stopped

  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile           # production Dockerfile (static nginx)
    ports:
      - "127.0.0.1:3001:3001"         # loopback only — host nginx proxies here
    volumes: []                         # override: no source mounts in prod
    environment:
      - NODE_ENV=production
    restart: unless-stopped

  postgres:
    # Tune PostgreSQL for production workloads
    command: >
      postgres
        -c max_connections=200
        -c shared_buffers=256MB
        -c effective_cache_size=512MB
        -c work_mem=4MB
        -c maintenance_work_mem=64MB
        -c checkpoint_completion_target=0.9
        -c wal_buffers=16MB
        -c random_page_cost=1.1
    deploy:
      resources:
        limits:
          memory: 1024M
        reservations:
          memory: 512M
    restart: unless-stopped

  redis:
    restart: unless-stopped