services:
  agentgateway:
    image: ghcr.io/agentgateway/agentgateway:v1.1.0
    ports:
      - "4000:4000"     # OpenAI-compatible API
      - "9001:9001"     # MCP gateway
      - "15000:15000"   # UI
    volumes:
      - ../config:/etc/agentgateway:ro
      - ../certs:/etc/ssl/agentgateway:ro
    command: ["-f", "/etc/agentgateway/config-binds.yaml"]
    environment:
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
    labels:
      - "traefik.enable=true"
      # TCP passthrough — TLS terminé par agentgateway (nécessaire pour SSE)
      - "traefik.tcp.routers.agentgateway-mcp.rule=HostSNI(`mcp.sttlab.pc`)"
      - "traefik.tcp.routers.agentgateway-mcp.entrypoints=websecure"
      - "traefik.tcp.routers.agentgateway-mcp.tls.passthrough=true"
      - "traefik.tcp.routers.agentgateway-mcp.service=agentgateway-mcp"
      - "traefik.tcp.services.agentgateway-mcp.loadbalancer.server.port=9001"
      # LLM proxy
      - "traefik.tcp.routers.agentgateway-llm.rule=HostSNI(`llm.sttlab.pc`)"
      - "traefik.tcp.routers.agentgateway-llm.entrypoints=websecure"
      - "traefik.tcp.routers.agentgateway-llm.tls.passthrough=true"
      - "traefik.tcp.routers.agentgateway-llm.service=agentgateway-llm"
      - "traefik.tcp.services.agentgateway-llm.loadbalancer.server.port=4000"
    networks:
      - default
      - pm-tools
      - reverse
    restart: unless-stopped

networks:
  pm-tools:
    external: true
  reverse:
    external: true