Harden Tailwind Docker build and add deploy verification

Dockerfile

@@ -1,22 +1,33 @@
 # Multi-stage build per LLM Monitor
 
 # Stage 1: Build CSS with Tailwind
-FROM node:18-alpine as css-builder
+FROM node:18-alpine AS css-builder
 
 WORKDIR /app
 
-# Copiare file di configurazione
-COPY package.json tailwind.config.js ./
-COPY app/web/static/css/input.css ./app/web/static/css/
+# Copiare file di configurazione e lockfile per install consistente
+COPY package.json package-lock.json tailwind.config.js ./
 
 # Installare dipendenze Node
-RUN npm install
+RUN npm ci
+
+# Copiare input CSS e file usati dal content scan di Tailwind.
+# Questo passaggio deve avvenire prima della build per invalidare cache quando cambiano template/js.
+COPY app/web/static/css/input.css ./app/web/static/css/
+COPY app/web/templates/ ./app/web/templates/
+COPY app/web/static/js/ ./app/web/static/js/
 
 # Compilare CSS Tailwind
 RUN npm run tailwind:build
 
+# Verifica bloccante: output.css deve essere compilato e non vuoto.
+RUN test -s ./app/web/static/css/output.css && \
+    CSS_LINES=$(wc -l < ./app/web/static/css/output.css) && \
+    echo "[css-builder] output.css lines: ${CSS_LINES}" && \
+    test "${CSS_LINES}" -ge 100
+
 # Stage 2: Build Python packages
-FROM python:3.11-slim as builder
+FROM python:3.11-slim AS builder
 
 WORKDIR /app
 
@@ -48,10 +59,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 COPY --from=builder /opt/venv /opt/venv
 
 # Copiare codice dell'app
-    COPY --from=css-builder /app/app/web/static/css/output.css ./app/web/static/css/
+COPY --from=css-builder /app/app/web/static/css/output.css ./app/web/static/css/output.css
 COPY app/ /app/app/
 COPY main.py /app/
-COPY .env* /app/
 
 # Impostare PATH
 ENV PATH="/opt/venv/bin:$PATH"