# CUDA 12.9.0 "devel" base image on Ubuntu 24.04.
# NOTE(review): the base is pinned by tag only. Tags are mutable, so append the
# reviewed image digest (@sha256:<DIGEST>) if builds must be reproducible.
FROM nvidia/cuda:12.9.0-devel-ubuntu24.04

# Environment defaults, declared in one instruction:
#   DEBIAN_FRONTEND  - stop apt/debconf from prompting
#   UV_LINK_MODE     - uv copies files into the environment instead of linking
#   UV_PYTHON        - Python version uv selects
#   PYTHONUNBUFFERED - unbuffered stdout/stderr
ENV DEBIAN_FRONTEND=noninteractive \
    UV_LINK_MODE=copy \
    UV_PYTHON=3.12 \
    PYTHONUNBUFFERED=1

# OS packages: build-essential and ninja-build for compiling, git, and
# curl + ca-certificates for HTTPS downloads later in the build.
# The apt package index is deleted in the same layer so it is not kept in the image.
RUN apt-get update \
 && apt-get install --yes --no-install-recommends \
        build-essential \
        ca-certificates \
        curl \
        git \
        ninja-build \
 && rm -rf /var/lib/apt/lists/*

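# Install uv (the PATH entry below expects it under /root/.local/bin).
# The installer is saved to a file and executed only after curl has succeeded.
# With `curl ... | sh` the pipeline's exit status is that of `sh`, so a failed
# or truncated download can go unnoticed and a partial script may be executed.
# --proto '=https' and --tlsv1.2 keep any redirect followed by -L on HTTPS.
# NOTE(review): this still runs whatever install.sh serves at build time, with
# the build's privileges. Pin a reviewed uv release (<UV_VERSION>) and verify
# its checksum (<SHA256>) to make the step reproducible.
RUN curl --proto '=https' --tlsv1.2 -LsSf https://astral.sh/uv/install.sh -o /tmp/uv-install.sh \
    && sh /tmp/uv-install.sh \
    && rm -f /tmp/uv-install.sh
ENV PATH="/root/.local/bin:${PATH}"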

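WORKDIR /workspace
# uv creates and uses the project virtual environment at this fixed path.
ENV UV_PROJECT_ENVIRONMENT=/workspace/venv

# Only the dependency manifests are copied before the sync, so this layer is
# rebuilt only when pyproject.toml or uv.lock change.
# --locked fails the build when uv.lock is out of date with pyproject.toml,
# instead of re-resolving at build time to versions that were never reviewed.
COPY pyproject.toml uv.lock ./
RUN uv sync --locked --extra kernelbench --no-dev --no-install-project

# Put the synced environment's executables first on PATH.
ENV PATH="/workspace/venv/bin:${PATH}"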

# Ship only the eval runner. The scorer, the dataset and the rest of
# inspect_evals are deliberately left out of the image, so code running in the
# container cannot read or import them (this reduces reward-hacking surface).
# The __init__.py files are created empty as package markers. The real ones are
# not copied because they import modules that are absent from this image.
# NOTE(review): this file sets no USER, so processes presumably run as root and
# could overwrite eval_runner.py at runtime. Confirm the harness does not rely
# on the in-container copy staying intact, or run workloads as an unprivileged user.
RUN mkdir -p /eval_runner/inspect_evals/kernelbench \
    && touch \
        /eval_runner/inspect_evals/__init__.py \
        /eval_runner/inspect_evals/kernelbench/__init__.py
COPY src/inspect_evals/kernelbench/eval_runner.py /eval_runner/inspect_evals/kernelbench/

# Working directories for build output, temporary files and caches.
RUN mkdir -p \
        /workspace/kernelbench_build \
        /workspace/kernelbench_tmp \
        /workspace/kernelbench_cache

# Send temporary files and XDG caches to the directories created above, and
# make the /eval_runner package tree importable.
ENV TMPDIR=/workspace/kernelbench_tmp \
    XDG_CACHE_HOME=/workspace/kernelbench_cache \
    PYTHONPATH=/eval_runner
