# Development overrides, merged automatically by `docker compose up`.
# Mounts the source for live editing and restarts on change via `node --watch`.
services:
  web:
    command: node --watch src/server.ts
    # Dev overrides the base toggles: live template edits, dev-throwaway secrets allowed.
    environment:
      CACHE_TEMPLATES: "false"
      REQUIRE_SECURE_SECRETS: "false"
      SECURE_COOKIES: "false" # dev serves http — Secure cookies wouldn't be sent
    volumes:
      - .:/app
      - /app/node_modules

  # Dev mail catcher — Kratos recovery/verification emails land here (web UI on 8025).
  # kratos.yml points the courier at smtp://mailpit:1025; prod uses a real SMTP via env.
  mailpit:
    image: axllent/mailpit:v1.30.1
    ports:
      - "8025:8025"
    restart: unless-stopped

  # Ory Kratos dev: expose the public API so the browser can POST self-service flows to
  # flow.ui.action (kratos.yml base_url = 127.0.0.1:4433). Prod fronts Ory same-origin,
  # so the base file publishes no Ory ports.
  kratos:
    ports:
      - "4433:4433"

  # Ory Hydra dev: --dev permits the http issuer/redirect URLs; expose the public port
  # so OAuth2 flows reach the host. Prod (base file) drops --dev for an https issuer.
  hydra:
    command: serve all --dev -c /etc/config/hydra/hydra.yml
    ports:
      - "4444:4444"