pattern-reviewer-containerlisted

# pattern-reviewer-container ## When to activate - Reviewing a diff that touches `Dockerfile`, `docker-compose.yaml` / `.yml`, `compose.yaml` / `.yml`, `.dockerignore`, or backend entrypoint scripts. - A user says "review the Docker setup / image build / compose wiring". ## Project memory overlay After loading this skill, also check `$MAIN_ROOT/.claude/memory/patterns/pattern-reviewer-container.md` in the consuming project (resolve `MAIN_ROOT="$(dirname "$(git rev-parse --path-format=absolute --git-common-dir)")"`). If present, load it as an **additive overlay** to the rules below; if absent, skip silently. See `memory-convention` for the full contract (additivity, severity floor, conflict surfacing). ## Iron rules - **>80% confidence filter.** Report only when you are >80% confident. Consolidate similar findings. - **Cite `path/to/file.ext:line`.** Quote the offending snippet in a BAD block; show the fix in a GOOD block. - **Severity is load-bearing.** CRITICAL / HIGH block the gate; MEDIUM / LOW are informational. Use the per-pattern severity assigned below. - **Never refer to a finding as `#N`** — GitHub auto-links those to issues. Use a non-numeric handle (quoted title, `F1` / `F2`, `Finding 1`). ## Patterns to review ### Multi-stage build (HIGH) - Dockerfile has at least three stages: `base`, `build`, `final` (use `AS` aliases). - Single-stage Dockerfile → flag. - `final` stage carries build tools / dev deps → flag (ship a minimal runtime). ### Pinned tags + `d