services:
  db:
    image: postgres:16
    environment:
      POSTGRES_DB: mastermind
      POSTGRES_USER: mastermind
      POSTGRES_PASSWORD: ${DB_PASSWORD:-mastermind}
    volumes:
      - ./data/postgres:/var/lib/postgresql/data
    ports:
      - "5433:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U mastermind -d mastermind"]
      interval: 5s
      timeout: 5s
      retries: 20

  web:
    build: ./web
    environment:
      NODE_ENV: development
      PORT: 3005
      DATABASE_URL: postgres://mastermind:${DB_PASSWORD:-mastermind}@db:5432/mastermind
      SESSION_SECRET: ${SESSION_SECRET:-change-me}
      BASE_URL: ${BASE_URL:-http://localhost:3005}
      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:-}
      GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:-}
      MICROSOFT_CLIENT_ID: ${MICROSOFT_CLIENT_ID:-}
      MICROSOFT_CLIENT_SECRET: ${MICROSOFT_CLIENT_SECRET:-}
      BOOTSTRAP_OWNER_EMAIL: ${BOOTSTRAP_OWNER_EMAIL:-owner@local}
      BOOTSTRAP_OWNER_PASSWORD: ${BOOTSTRAP_OWNER_PASSWORD:-owner}
    depends_on:
      db:
        condition: service_healthy
    ports:
      - "3005:3005"
    volumes:
      - ./data:/app/data
      - ./README.md:/app/README.md:ro
      - ./INSTALL.md:/app/INSTALL.md:ro
      - ./DEVELOPMENT.md:/app/DEVELOPMENT.md:ro
      - ./OPERATIONS.md:/app/OPERATIONS.md:ro
      - ./CHANGELOG.md:/app/CHANGELOG.md:ro

  worker:
    build: ./worker
    environment:
      NODE_ENV: development
      DATABASE_URL: postgres://mastermind:${DB_PASSWORD:-mastermind}@db:5432/mastermind
    depends_on:
      db:
        condition: service_healthy
    # (MVP) no bind-mount to avoid masking node_modules inside container

volumes: {}