services:
  opencode:
    image: opencode-arch
    build:
      context: .
      dockerfile: Dockerfile
      args:
        USERNAME: "${USER}"
        UID: "${UID}"
        GID: "${GID}"

    user: "${UID}:${GID}"
    working_dir: "${PWD}"
    stdin_open: true
    tty: true

    environment:
      HOME: "${PWD}/data"
      UID: "${UID}"
      GID: "${GID}"

    volumes:
      # Current project (read–write)
      - "${PWD}:${PWD}"

    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true