docker/AGENTS.md

Codex instructions for this repository

This repository contains:

• Docker Compose infrastructure
• Terraform configuration
• Ansible configuration

General rules

Prefer validation and linting over execution. Do not make assumptions about runtime access. Do not run destructive commands. Do not install repo changes unless explicitly requested.

Docker / Compose rules

This environment does not have Docker daemon access. Do not use commands that require /var/run/docker.sock.

Allowed:

• docker compose config
• docker compose -f <file> config
• ./services-up.sh --profile all config

Not allowed:

• docker compose up
• docker compose down
• docker compose run
• docker compose exec
• docker build
• docker pull

When validating Docker changes:

1. Prefer ./services-up.sh --profile all config if available.
2. If that does not fit the task, use docker compose -f ... config.
3. Only create temporary placeholder env files if validation requires them.
4. Do not commit placeholder env files unless explicitly requested.

Terraform rules

Allowed:

• terraform fmt -check -recursive
• terraform init -backend=false -input=false
• terraform validate
• tflint

Do not apply infrastructure changes unless explicitly requested. Do not run:

• terraform apply
• terraform destroy

Ansible rules

Allowed:

• ansible-lint
• ansible-playbook --syntax-check <playbook>

Do not run playbooks against real hosts unless explicitly requested.

Shell / YAML rules

Allowed:

• shellcheck
• yamllint
• yq
• jq

Expected workflow

When making changes:

1. Edit the smallest necessary set of files.
2. Run the safest available validation commands.
3. Report validation results clearly.
4. If validation is blocked by missing secrets, env files, or remote/provider access, say so explicitly instead of guessing.