# Development overrides, merged automatically by `docker compose up`.
# Mounts the source for live editing and restarts on change via `node --watch`.
services:
  web:
    command: node --watch src/server.ts
    # Dev overrides the base toggles: live template edits, dev-throwaway secrets allowed.
    environment:
      CACHE_TEMPLATES: "false"
      LOG_FORMAT: "text" # human-readable logs in dev (base sets json for prod log pipelines)
      REQUIRE_SECURE_SECRETS: "false"
      SECURE_COOKIES: "false" # dev serves http — Secure cookies wouldn't be sent
      SCHEDULING_UPSTREAM: "http://shifts-upstream:4000" # reference plugin → the dev mock backend
    volumes:
      - .:/app
      - /app/node_modules

  # Dev mock backend for the reference plugin (plugins/scheduling). A stand-in for the customer's
  # real scheduling service — stdlib-only, in-memory, no auth. Prod points SCHEDULING_UPSTREAM at
  # the real backend instead. Uses the pinned app image so there's nothing extra to build/pull.
  shifts-upstream:
    image: node:24.16.0-alpine3.24
    command: node /srv/server.mjs
    restart: unless-stopped
    volumes:
      - ./examples/shifts-upstream:/srv:ro

  # Dev mail catcher — Kratos recovery/verification emails land here (web UI on 8025).
  # kratos.yml points the courier at smtp://mailpit:1025; prod uses a real SMTP via env.
  mailpit:
    image: axllent/mailpit:v1.30.1
    ports:
      - "8025:8025"
    restart: unless-stopped

  # Ory Kratos dev: expose the public API so the browser can POST self-service flows to
  # flow.ui.action (kratos.yml base_url = 127.0.0.1:4433). Prod fronts Ory same-origin,
  # so the base file publishes no Ory ports.
  kratos:
    ports:
      - "4433:4433"

  # Ory Hydra dev: --dev permits the http issuer/redirect URLs; expose the public port
  # so OAuth2 flows reach the host. Prod (base file) drops --dev for an https issuer.
  hydra:
    command: serve all --dev -c /etc/config/hydra/hydra.yml
    ports:
      - "4444:4444"