fix: use backend-only Dockerfile for dev compose

- Create Dockerfile.backend that skips frontend build stage
- Update docker-compose.dev.yaml to use Dockerfile.backend
- Fixes build failure: frontend build not needed in dev (runs separately)
- Root Dockerfile still builds both for production use

Fixes error: 'npm run build' failed in backend service build
when frontend service runs separately in development mode.

Author: T-DevH

Dockerfile.backend

@@ -0,0 +1,77 @@
+# Backend-only Dockerfile for Development
+# This Dockerfile builds only the backend (no frontend build)
+# Use this for docker-compose.dev.yaml where frontend runs separately
+
+# =============================================================================
+# Backend Dependencies Stage
+# =============================================================================
+FROM python:3.11-slim AS backend-deps
+
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    g++ \
+    gcc \
+    git \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy requirements and install Python dependencies
+COPY requirements.docker.txt ./requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
+
+# =============================================================================
+# Final Runtime Stage
+# =============================================================================
+FROM python:3.11-slim AS final
+
+# Set working directory
+WORKDIR /app
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y \
+    curl \
+    git \
+    poppler-utils \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy Python dependencies from backend-deps stage
+COPY --from=backend-deps /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=backend-deps /usr/local/bin /usr/local/bin
+
+# Copy application code (explicitly copy only necessary directories)
+# Security: Explicitly copy only required source code to prevent sensitive data exposure
+# .dockerignore provides additional protection as a defense-in-depth measure
+COPY src/ ./src/
+# Copy guardrails configuration (required for NeMo Guardrails)
+COPY data/config/guardrails/ ./data/config/guardrails/
+
+# Build arguments for version injection
+ARG VERSION=0.0.0
+ARG GIT_SHA=unknown
+ARG BUILD_TIME=unknown
+
+# Set environment variables
+ENV VERSION=$VERSION
+ENV GIT_SHA=$GIT_SHA
+ENV BUILD_TIME=$BUILD_TIME
+ENV DOCKER_IMAGE=warehouse-assistant:$VERSION
+ENV PYTHONPATH=/app
+ENV PYTHONUNBUFFERED=1
+
+# Create non-root user for security
+RUN groupadd -r appuser && \
+    useradd -r -g appuser appuser && \
+    chown -R appuser:appuser /app
+USER appuser
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8001/api/v1/health || exit 1
+
+# Expose port
+EXPOSE 8001
+
+# Start command
+CMD ["uvicorn", "src.api.app:app", "--host", "0.0.0.0", "--port", "8001"]
+

deploy/compose/docker-compose.dev.yaml

@@ -94,7 +94,7 @@ services:
   backend:
     build:
       context: ../..
-      dockerfile: Dockerfile
+      dockerfile: Dockerfile.backend
     container_name: wosa-backend
     ports:
       - "8001:8001"