
speckit.devops · listed

Docker Infrastructure & Security Hardening Specialist — Port ENV-first, range 8900-8999.
wedabro/bro-skills · ★ 1 · DevOps & Infrastructure · score 75
Install: claude install-skill wedabro/bro-skills
## 🎯 Mission

Set up and manage a standardized and secure Docker system for the project. Ports MUST always be configured via ENV vars — NEVER hard-code.

## 📥 Input

- `.agent/memory/constitution.md` (port range, security rules)
- Existing `Dockerfile`, `docker-compose.yml` (if available)
- `.env.example`

## 📋 Protocol

### 1. Port Allocation (ENV-first) ⭐

**ALWAYS configure ports via ENV:**

- `.env` file (local) or server ENV (production)
- `docker-compose.yml` reads: `"${PUBLIC_PORT:-8920}:3000"`
- DO NOT hard-code a port number in any file

**Port scanning rules by environment:**

| Environment | Docker running? | Action |
|---|---|---|
| **Local** | ❌ No (first time) | Scan range `8900-8999` with socket/helper → select 3 consecutive free ports |
| **Local** | ✅ Already running | **SKIP** scan — use current ports from `.env` / docker |
| **Staging/Beta/Prod** | Any | **ALWAYS** run an initial scan for configuration → write to `.env` |

**Check whether Docker is running (Local):**

```bash
# List this project's containers; discard error output
docker compose ps --format json 2>/dev/null
# Containers listed → SKIP port scan
# Empty/error → RUN port scan
```

- Pattern: Public FE `N` → Admin FE `N+1` → Backend API `N+2`

### 2. Local Docker (`docker-compose.yml`):

- Ports read from ENV: `"${PUBLIC_PORT:-8920}:3000"`
- Volume mounts for hot-reload code
- Named volumes for `node_modules` (avoid host-container lock)
- Health checks for each service

### 3. Production Docker (`docker-compose.prod.yml`):

- Multi-stage builds (builder → runne
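
The Local first-run rule in step 1 (scan `8900-8999`, take 3 consecutive free ports, assign `N` / `N+1` / `N+2`) can be implemented as below. This is an added example, not code from the bro-skills repository; `ADMIN_PORT` and `API_PORT` are assumed variable names (only `PUBLIC_PORT` appears on the page), and probing on `0.0.0.0` assumes Compose publishes on all interfaces.

```python
import socket
from typing import Callable, List, Optional

PORT_RANGE = (8900, 8999)  # range stated in the skill description
# PUBLIC_PORT is from the page; the other two names are assumptions.
ROLES = ("PUBLIC_PORT", "ADMIN_PORT", "API_PORT")


def port_is_free(port: int, host: str = "0.0.0.0") -> bool:
    """A port counts as free only if this process can bind it.

    SO_REUSEADDR is deliberately not set, so the probe fails whenever
    the address is already in use.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError:
            return False
    return True


def find_port_block(is_free: Callable[[int], bool] = port_is_free,
                    lo: int = PORT_RANGE[0], hi: int = PORT_RANGE[1],
                    count: int = len(ROLES)) -> Optional[int]:
    """Return the first N where N..N+count-1 are all free, else None."""
    run = 0
    for port in range(lo, hi + 1):
        run = run + 1 if is_free(port) else 0
        if run == count:
            return port - count + 1
    return None


def env_lines(base: int) -> List[str]:
    """Public FE N, Admin FE N+1, Backend API N+2, as .env assignments."""
    return [f"{name}={base + i}" for i, name in enumerate(ROLES)]


if __name__ == "__main__":
    base = find_port_block()
    if base is None:
        raise SystemExit("no 3 consecutive free ports in 8900-8999")
    # Print rather than overwrite .env, so existing values are reviewed first.
    print("\n".join(env_lines(base)))
```

The probe is only a snapshot: another process can take a port between the scan and `docker compose up`, so a publish failure at startup means the scan should be rerun.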