Containerfile.policy
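# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-FileCopyrightText: 2024-2025 hyperpolymath
#
# Oikos Bot Policy Engine Container
# Datalog + DeepProbLog based policy engine
#
# Two stages: "builder" creates the Python virtual environment and holds the
# policy-engine source; "runtime" receives the venv and the source and runs
# the server as an unprivileged user.
#
# Build: podman build -t oikos-policy:latest -f containers/Containerfile.policy .

# NOTE(review): as shown, this reference has no registry host, tag or digest
# (the leading "/" suggests the registry prefix was lost). Pin the base image
# to an immutable digest, e.g. <registry>/cerro-torre@sha256:<digest>, so both
# stages build from a known image.
FROM /cerro-torre AS builder

WORKDIR /build

# Install build dependencies.
# NOTE(review): package versions are whatever the base image's Guix resolves
# at build time; nothing here pins them.
RUN guix install \
    python \
    python-pip \
    souffle \
    swi-prolog \
    git

# Create virtual environment and install dependencies.
# Done before the source COPY so these layers stay cached when only the
# policy-engine source changes, and so the install runs in an empty /build.
# NOTE(review): every package below (and pip itself) is installed unpinned and
# without hash verification, so each build can pull different code from the
# index. Prefer a committed lock file installed with `pip install
# --require-hashes -r <lockfile>`.
RUN python -m venv /opt/venv && \
    /opt/venv/bin/pip install --upgrade pip && \
    /opt/venv/bin/pip install \
        numpy \
        torch \
        networkx \
        pyyaml \
        aiohttp \
        pyarango \
        SPARQLWrapper

# Install DeepProbLog (unpinned as well; same caveat as above).
RUN /opt/venv/bin/pip install deepproblog

# Copy policy engine source.
# Everything under policy-engine/ in the build context is copied here and then
# into the runtime image; keep credentials and local state out of the context
# with a .containerignore.
COPY policy-engine/ .

# =============================================================================
# Runtime
# =============================================================================
FROM /cerro-torre AS runtime

WORKDIR /app

# Install runtime dependencies
RUN guix install \
    python \
    souffle \
    swi-prolog \
    jq

# Copy virtual environment
COPY --from=builder /opt/venv /opt/venv

# Copy policy engine.
# COPY without --chown leaves the files owned by root, so the unprivileged
# user below can read the engine and its rules but not rewrite them (provided
# the source files are not world-writable).
COPY --from=builder /build /app/policy-engine

# Copy Datalog rules
COPY policy-engine/datalog/ /app/datalog/

# Copy DeepProbLog rules
COPY policy-engine/deepproblog/ /app/deepproblog/

# Environment
ENV PATH="/opt/venv/bin:$PATH"
ENV PYTHONUNBUFFERED=1
# NOTE(review): CMD and HEALTHCHECK below hard-code 8081; overriding PORT at
# run time only has an effect if the server itself reads it. Confirm.
ENV PORT=8081

# Create non-root user; every instruction after USER runs as this account.
RUN useradd -m -s /bin/bash policyengine
USER policyengine

EXPOSE 8081

# Health check: urlopen raises on connection failure or an HTTP error status,
# which makes python exit non-zero and marks the probe failed. The explicit
# timeout lets the probe fail on its own before the 10s HEALTHCHECK limit.
HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8081/health', timeout=5)"

# NOTE(review): the source is copied to /app/policy-engine and is not
# pip-installed in the builder stage; confirm that the policy_engine package
# is importable from WORKDIR /app.
CMD ["python", "-m", "policy_engine.server", "--port", "8081"]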