| trigger | always_on |
|---|---|
| last_updated | 2026-05-15 |
| pc2e_version | 1.0 |
Purpose: Creating and managing Docker Compose files for containerized services

Precedence: Supplements global and mode-specific rules

Last Updated: 2026-03-19

BEFORE creating or modifying ANY docker-compose.yml file:

- Read `Project_Context.md` — Understand the folder structure and connective parts within the project
- Read ALL relevant project files — Understand the codebase before containerizing it
- Read `PORTS.md` — Verify port availability and document new port allocations
- Read `SYSTEM_LOG.md` — Check for past Docker-related decisions or failures
- Understand user intent — If instructions are unclear, CLARIFY before proceeding

Anti-Pattern: Do NOT give one-liner replies and expect the user to understand. Your interpretation and a human's interpretation can be very different.

- New files, not modifications: When asked to create a new `docker-compose.yml` file, always create a NEW file (do not modify existing unless explicitly requested)
- Header timestamp: Every `docker-compose.yml` file MUST include a hash, date, and timestamp at the top for record-keeping

  ```yaml
  # docker-compose.yml
  # Created: 2026-03-19 20:30:00
  # Hash: <git-commit-hash or unique-id>
  ```

- Non-root containers: Every service MUST run as a non-root user
- No hardcoded secrets: Use environment variables or `.env` files (never commit secrets to version control)
- Security headers: Web-facing services MUST be fronted by Nginx with proper security headers
- Network isolation: Use Docker networks to isolate services
- Stateless services: Services should be designed to run multiple replicas
- External state stores: Use Redis, PostgreSQL, or other external stores for persistent state
- Health checks: Every service SHOULD include a `healthcheck` directive
- Pin versions: ALWAYS use specific version tags for images (e.g., `node:20-alpine`, NOT `node:latest`)
- Restart policies: Use `restart: unless-stopped` for production services
- Resource limits: Define memory and CPU limits for production services
- Volume management: Use named volumes for persistent data
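
A small checker for several of the rules above (pinned images, non-root user, health check, restart policy, resource limits, no hardcoded secrets), added here as an example and not part of the original workflow. It assumes the compose file has already been parsed into a dict; the rule ids, `SAMPLE` and all function names are hypothetical.

```python
import re

# Constructed sample: a compose file already parsed into a dict (assumption).
SAMPLE = {"services": {
    "web": {"image": "node:latest",
            "environment": ["DB_PASSWORD=hunter2", "LOG_LEVEL=info"]},
    "api": {"image": "node:20-alpine", "user": "1000:1000", "restart": "unless-stopped",
            "healthcheck": {"test": ["CMD", "node", "healthcheck.js"]},
            "environment": {"DB_PASSWORD": "${DB_PASSWORD}"},
            "deploy": {"resources": {"limits": {"cpus": "0.50", "memory": "256M"}}}},
}}

SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)

def image_is_pinned(image):
    """True for a digest reference or an explicit tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    _, sep, tag = image.rsplit("/", 1)[-1].partition(":")  # skip registry host:port
    return bool(sep) and tag not in ("", "latest")

def env_pairs(env):
    """Normalize both compose forms (mapping or list of KEY=value) to pairs."""
    if isinstance(env, dict):
        return [(k, "" if v is None else str(v)) for k, v in env.items()]
    return [tuple(item.partition("=")[::2]) for item in env or []]

def check_service(svc):
    """Return the hypothetical rule ids that one service definition violates."""
    found = []
    if "image" in svc and not image_is_pinned(svc["image"]):
        found.append("image-not-pinned")
    if str(svc.get("user", "")).split(":")[0] in ("", "root", "0"):
        found.append("user-root-or-unset")  # unset means the image default applies
    if "healthcheck" not in svc:
        found.append("no-healthcheck")
    if svc.get("restart") != "unless-stopped":
        found.append("restart-policy")
    limits = svc.get("deploy", {}).get("resources", {}).get("limits", {})
    if not {"cpus", "memory"} <= set(limits):
        found.append("no-resource-limits")
    for key, value in env_pairs(svc.get("environment")):
        if SECRET_NAME.search(key) and value and not value.startswith("${"):
            found.append(f"hardcoded-secret:{key}")
    return found

def check_compose(doc):
    """Map each failing service name to its findings."""
    report = {n: check_service(s) for n, s in doc.get("services", {}).items()}
    return {n: f for n, f in report.items() if f}
```

`check_compose(SAMPLE)` reports only the `web` service; `api` satisfies every check because its secret is a `${DB_PASSWORD}` reference rather than a literal.
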
- Read `Project_Context.md` to understand the ecosystem
- Read all project files to understand the codebase
- Read `PORTS.md` to know available ports
- Read `SYSTEM_LOG.md` for past decisions
- If user instructions are unclear, STOP and ASK for clarification
- Do NOT proceed with assumptions that could be wrong
- Create the compose file with proper header timestamp
- Run `docker compose config` to validate syntax
- Read the output to verify configuration
- Sandboxed testing: Test before declaring success
- Run `docker compose up -d` and verify services start
- Check `docker logs <service>` for each service
- Read terminal output: Monitor the output yourself rather than leaving it to the user
- Update `PORTS.md` with new port allocations
- Update `Project_Context.md` with new services
- Update `SYSTEM_LOG.md` with timestamp, decisions, and rationale
- ❌ NEVER skip reading the terminal output
- ❌ NEVER use `latest` tags
- ❌ NEVER assume the file works without testing
- ❌ NEVER skip clarification when instructions are unclear
- File created with header timestamp
- Syntax validated with `docker compose config`
- Services tested and verified
- All governance files updated
This workflow inherits: