.

qwen/hack/Dockerfile

@@ -1,5 +1,8 @@
 FROM hhvm/hhvm:latest
 
+# Create a non-root user for security
+RUN useradd -m -u 1000 -s /bin/bash hhuser
+
 # Set working directory
 WORKDIR /var/www/html
 
@@ -15,26 +18,20 @@ RUN apt-get update && apt-get install -y \
     supervisor \
     && rm -rf /var/lib/apt/lists/*
 
-# Install and configure PHP extensions (for compatibility with PHP libraries)
-RUN docker-php-ext-install \
-    pdo \
-    pdo_mysql \
-    gd \
-    mbstring \
-    xml \
-    zip
-
 # Install Composer
 COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
 
 # Copy application files
 COPY . /var/www/html
 
-# Install PHP dependencies
-RUN composer install --no-dev --optimize-autoloader
+# Install PHP dependencies, ignoring platform requirements for build
+RUN composer install --no-dev --optimize-autoloader --ignore-platform-reqs
 
-# Make sure scripts are executable
-RUN chmod +x /var/www/html/docker-start.sh
+# Change ownership to the non-root user
+RUN chown -R hhuser:hhuser /var/www/html
+
+# Make sure scripts are executable (if we have any)
+RUN chmod +x /var/www/html/deploy.sh 2>/dev/null || true
 
 # Expose port 18000 as specified in AGENTS.md for qwen/hack
 EXPOSE 18000
@@ -44,9 +41,12 @@ RUN set -eux; \
     wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64; \
     chmod +x /usr/bin/dumb-init
 
+# Switch to the non-root user
+USER hhuser
+
 # Start the application
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
-CMD ["hhvm", "-m", "server", "-p", "18000", "--document-root", "/var/www/html/public"]
+CMD ["hhvm", "-m", "server", "-p", "18000", "-v", "Server.Type=proxygen", "-v", "Server.SourceRoot=/var/www/html/public"]
 
 # Health check
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \