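---
# Compose stack: a Splunk instance, a poller that reads from it, an analysis
# API (agent-api) and a queue worker that calls the API.
#
# Secrets are taken from the shell environment or the project .env file.
# The Splunk admin password and HEC token have no fallback value: compose
# stops with an error when they are unset, so the stack never starts with a
# credential that is committed in this file.
# Keep .env out of version control; it also carries the AOAI and Mailtrap
# settings mentioned below.
services:
  splunk:
    image: splunk/splunk:9.4.2
    container_name: splunk
    restart: unless-stopped
    # Each mapping is published on every host interface. Prefix with a bind
    # address (for example "127.0.0.1:8089:8089") when only local access is
    # needed. The poller reaches 8089 over the compose network (SPLUNK_HOST is
    # the service name), so it does not depend on the host mapping.
    ports:
      - "8000:8000"  # Splunk Web
      - "8088:8088"  # HEC
      - "8089:8089"  # Management API
    environment:
      SPLUNK_START_ARGS: '--accept-license'
      # Required: no default, see the header comment.
      SPLUNK_PASSWORD: '${SPLUNK_PASSWORD:?set SPLUNK_PASSWORD in the environment or .env}'
      SPLUNK_HEC_TOKEN: '${SPLUNK_HEC_TOKEN:?set SPLUNK_HEC_TOKEN in the environment or .env}'
    volumes:
      - splunk-etc:/opt/splunk/etc
      - splunk-var:/opt/splunk/var
    healthcheck:
      # Runs inside the container against localhost; -k skips certificate
      # verification for that local request only.
      test: ["CMD-SHELL", "curl -sk https://localhost:8089/services/server/info | grep -q version"]
      interval: 10s
      timeout: 5s
      retries: 30

  poller:
    build:
      context: .
      dockerfile: poller/Dockerfile
    container_name: splunk-poller
    restart: unless-stopped
    # Start only after the Splunk healthcheck passes.
    depends_on:
      splunk:
        condition: service_healthy
    environment:
      # --- Splunk connection (to containerized Splunk) ---
      SPLUNK_HOST: splunk
      SPLUNK_PORT: "8089"
      SPLUNK_USER: admin
      # Same required variable as the splunk service; no committed fallback.
      SPLUNK_PW: '${SPLUNK_PASSWORD:?set SPLUNK_PASSWORD in the environment or .env}'
      # NOTE(review): presumably disables TLS certificate verification on the
      # management API connection, which then carries the admin password
      # without authenticating the server. Acceptable only inside the compose
      # network; set to "true" with a trusted certificate if SPLUNK_HOST ever
      # points outside it.
      SPLUNK_VERIFY_SSL: "false"
      # --- What to read ---
      SPLUNK_INDEX: intesa_payments
      SPLUNK_SOURCETYPE: 'intesa:bonifico'
      INITIAL_LOOKBACK: '-24h@h'
      CREATE_INDEX_IF_MISSING: "true"
      # --- Polling / chunking ---
      SLEEP_SECONDS: "60"
      MAX_CHUNK_BYTES: "1800000"
      # --- Sink selection: file (local) | blob (azure) | blob+queue (azure) ---
      SINK: blob+queue
      OUTDIR: /app/out
      # --- Azure Storage (Blob + Queue) ---
      # The connection string falls back to empty when unset; with
      # SINK=blob+queue the poller then has no storage credential.
      AZURE_STORAGE_CONNECTION_STRING: '${AZURE_STORAGE_CONNECTION_STRING:-}'
      AZURE_STORAGE_CONTAINER: '${AZURE_STORAGE_CONTAINER:-bank-logs}'
      AZURE_STORAGE_QUEUE_NAME: '${AZURE_STORAGE_QUEUE_NAME:-log-chunks}'
      AZURE_COMPRESS: "true"
      # --- Email default for enqueued messages ---
      POLLER_EMAIL_SEND_DEFAULT: "true"
    volumes:
      - chunks:/app/out

  agent-api:
    build:
      context: .
      dockerfile: api/Dockerfile
    container_name: agent-api
    restart: unless-stopped
    depends_on:
      - poller
    # Published on every host interface; the queue worker calls the API over
    # the compose network and does not depend on this mapping.
    ports:
      - "8080:8080"
    env_file:
      - .env  # AOAI + Mailtrap, etc.
    environment:
      CHUNK_DIR: /app/out
      TOP_K: "12"
      # If the API should read blobs directly, ensure these also exist in .env:
      # AZURE_STORAGE_CONNECTION_STRING=...
      # AZURE_STORAGE_CONTAINER=bank-logs
    volumes:
      - chunks:/app/out

  queue-worker:
    build:
      context: .
      dockerfile: worker/Dockerfile
    container_name: queue-worker
    restart: unless-stopped
    depends_on:
      - agent-api
    env_file:
      - .env  # to pick up AZURE_STORAGE_CONNECTION_STRING if you keep it here
    environment:
      # Entries under `environment` take precedence over the same key from
      # env_file, so an unset variable at interpolation time yields an empty
      # connection string here.
      AZURE_STORAGE_CONNECTION_STRING: '${AZURE_STORAGE_CONNECTION_STRING:-}'
      QUEUE_NAME: '${AZURE_STORAGE_QUEUE_NAME:-log-chunks}'
      ANALYZER_URL: http://agent-api:8080/analyze  # inside compose network
      POLL_INTERVAL_SEC: "60"
      MAX_DEQUEUE: "1"
      VISIBILITY_TIMEOUT: "120"
      HTTP_TIMEOUT: "120"

# Named volumes with default driver settings.
volumes:
  splunk-etc: {}
  splunk-var: {}
  chunks: {}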