services:
  python:
    build:
      context: .
      dockerfile: Dockerfile
    image: cve-2024-12254-python:3.12.8
    container_name: cve-2024-12254-python
    # No host port is published: the CVE is in-process asyncio flow-control logic.
    # The verifier drives a loopback transport entirely inside this container
    # (server + non-reading peer, or a forced low high-water mark), and reads the
    # flow-control state from its own harness. Nothing needs outside reach.
    init: true
    healthcheck:
      # Confirm the pinned, vulnerable interpreter is the one that runs.
      test: ["CMD", "python3", "-c", "import sys; assert sys.version_info[:3]==(3,12,8)"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 2s