# =============================================================================
# STELLA OPS - COMPLIANCE OVERLAY: CHINA
# =============================================================================
# SM2/SM3/SM4 ShangMi (Commercial Cipher) crypto overlay.
# This file extends docker-compose.stella-ops.yml with China-specific crypto.
#
# Usage:
#   docker compose -f devops/compose/docker-compose.stella-ops.yml \
#     -f devops/compose/docker-compose.compliance-china.yml up -d
#
# Cryptography:
# - SM2: Elliptic curve cryptography (signature, key exchange)
# - SM3: Hash function (256-bit digest)
# - SM4: Block cipher (128-bit)
#
# =============================================================================

x-crypto-env: &crypto-env
  STELLAOPS_CRYPTO_PROFILE: "china"
  STELLAOPS_CRYPTO_CONFIG_PATH: "/app/etc/appsettings.crypto.yaml"
  STELLAOPS_CRYPTO_MANIFEST_PATH: "/app/etc/crypto-plugins-manifest.json"

x-crypto-volumes: &crypto-volumes
  - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
  - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro

services:
  # ---------------------------------------------------------------------------
  # Authority - China crypto overlay
  # ---------------------------------------------------------------------------
  authority:
    image: registry.stella-ops.org/stellaops/authority:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/authority:/app/etc/authority:ro
      - ../../etc/certificates/trust-roots:/etc/ssl/certs/stellaops:ro
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Signer - China crypto overlay
  # ---------------------------------------------------------------------------
  signer:
    image: registry.stella-ops.org/stellaops/signer:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Attestor - China crypto overlay
  # ---------------------------------------------------------------------------
  attestor:
    image: registry.stella-ops.org/stellaops/attestor:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Concelier - China crypto overlay
  # ---------------------------------------------------------------------------
  concelier:
    image: registry.stella-ops.org/stellaops/concelier:china
    environment:
      <<: *crypto-env
    volumes:
      - concelier-jobs:/var/lib/concelier/jobs
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Scanner Web - China crypto overlay
  # ---------------------------------------------------------------------------
  scanner-web:
    image: registry.stella-ops.org/stellaops/scanner-web:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/scanner:/app/etc/scanner:ro
      - ../../etc/certificates/trust-roots:/etc/ssl/certs/stellaops:ro
      - scanner-surface-cache:/var/lib/stellaops/surface
      - ${SURFACE_SECRETS_HOST_PATH:-./offline/surface-secrets}:${SCANNER_SURFACE_SECRETS_ROOT:-/etc/stellaops/secrets}:ro
      - ${SCANNER_OFFLINEKIT_TRUSTROOTS_HOST_PATH:-./offline/trust-roots}:${SCANNER_OFFLINEKIT_TRUSTROOTDIRECTORY:-/etc/stellaops/trust-roots}:ro
      - ${SCANNER_OFFLINEKIT_REKOR_SNAPSHOT_HOST_PATH:-./offline/rekor-snapshot}:${SCANNER_OFFLINEKIT_REKORSNAPSHOTDIRECTORY:-/var/lib/stellaops/rekor-snapshot}:ro
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Scanner Worker - China crypto overlay
  # ---------------------------------------------------------------------------
  scanner-worker:
    image: registry.stella-ops.org/stellaops/scanner-worker:china
    environment:
      <<: *crypto-env
    volumes:
      - scanner-surface-cache:/var/lib/stellaops/surface
      - ${SURFACE_SECRETS_HOST_PATH:-./offline/surface-secrets}:${SCANNER_SURFACE_SECRETS_ROOT:-/etc/stellaops/secrets}:ro
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Scheduler Worker - China crypto overlay
  # ---------------------------------------------------------------------------
  scheduler-worker:
    image: registry.stella-ops.org/stellaops/scheduler-worker:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Notify Web - China crypto overlay
  # ---------------------------------------------------------------------------
  notify-web:
    image: registry.stella-ops.org/stellaops/notify-web:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/notify:/app/etc/notify:ro
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Excititor - China crypto overlay
  # ---------------------------------------------------------------------------
  excititor:
    image: registry.stella-ops.org/stellaops/excititor:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Advisory AI Web - China crypto overlay
  # ---------------------------------------------------------------------------
  advisory-ai-web:
    image: registry.stella-ops.org/stellaops/advisory-ai-web:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/llm-providers:/app/etc/llm-providers:ro
      - advisory-ai-queue:/var/lib/advisory-ai/queue
      - advisory-ai-plans:/var/lib/advisory-ai/plans
      - advisory-ai-outputs:/var/lib/advisory-ai/outputs
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Advisory AI Worker - China crypto overlay
  # ---------------------------------------------------------------------------
  advisory-ai-worker:
    image: registry.stella-ops.org/stellaops/advisory-ai-worker:china
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/llm-providers:/app/etc/llm-providers:ro
      - advisory-ai-queue:/var/lib/advisory-ai/queue
      - advisory-ai-plans:/var/lib/advisory-ai/plans
      - advisory-ai-outputs:/var/lib/advisory-ai/outputs
      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "china"

  # ---------------------------------------------------------------------------
  # Web UI - China crypto overlay
  # ---------------------------------------------------------------------------
  web-ui:
    image: registry.stella-ops.org/stellaops/web-ui:china
    labels:
      com.stellaops.crypto.profile: "china"