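# Compose definition for the "opencode" service: a locally built image run as
# the invoking host user, with the current project and the OpenCode XDG
# directories bind-mounted at identical paths inside the container.
#
# Every value below is interpolated from the caller's environment. Variables
# that feed the runtime user or a bind-mount source use the required form
# (${VAR:?message}) so Compose aborts when one is unset or empty, rather than
# substituting an empty string. An empty substitution would turn
# `user` into ":" and the persistence mounts into "/opencode:/opencode".
#
# NOTE(review): bash sets UID without exporting it and does not set GID, and
# the XDG_* variables are unset on many hosts. Export them or provide them
# through an .env file before running Compose.
services:
  opencode:
    image: opencode-arch
    build:
      context: .
      dockerfile: Dockerfile
      args:
        # Passed to the Dockerfile (not shown here); presumably used to create
        # a matching user inside the image. Confirm against the Dockerfile.
        USERNAME: "${USER}"
        UID: "${UID:?unset}"
        GID: "${GID:?unset}"
    # Run as the host user's numeric IDs instead of the image default, so
    # files written to the bind mounts keep host ownership.
    user: "${UID:?unset}:${GID:?unset}"
    working_dir: "${PWD}"
    # Interactive session: keep stdin open and allocate a TTY.
    stdin_open: true
    tty: true
    environment:
      XDG_DATA_HOME: "${XDG_DATA_HOME:?unset}"
      XDG_CONFIG_HOME: "${XDG_CONFIG_HOME:?unset}"
      XDG_STATE_HOME: "${XDG_STATE_HOME:?unset}"
      XDG_CACHE_HOME: "${XDG_CACHE_HOME:?unset}"
      UID: "${UID:?unset}"
      GID: "${GID:?unset}"
    volumes:
      # Current project (read-write). The container can modify everything
      # under the directory Compose is started from, so start it from the
      # project root and not from a broader directory such as $HOME.
      - "${PWD}:${PWD}"
      # OpenCode persistence (host directories, writable)
      - "${XDG_DATA_HOME:?unset}/opencode:${XDG_DATA_HOME:?unset}/opencode"
      - "${XDG_CONFIG_HOME:?unset}/opencode:${XDG_CONFIG_HOME:?unset}/opencode"
      - "${XDG_STATE_HOME:?unset}/opencode:${XDG_STATE_HOME:?unset}/opencode"
      - "${XDG_CACHE_HOME:?unset}/opencode:${XDG_CACHE_HOME:?unset}/opencode"
    # Drop every Linux capability; nothing is added back.
    cap_drop:
      - ALL
    # Prevent processes from gaining privileges via setuid/setgid binaries.
    security_opt:
      - "no-new-privileges:true"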