菜单
Use this skill when building, containerizing, or deploying WrongStack with Docker. Triggers: user says "docker", "container", "dockerfile", "image", "docker-compose", "deploy", "containerize", "registry", "multi-stage", "distroless".
Use this skill when choosing, installing, or recommending packages, libraries, frameworks, or tooling — any decision that involves a version number or a technology name. This skill enforces latest-version verification, blocks dead/obsolete choices, and intervenes when the LLM hallucinates version numbers or suggests 5+ year-old technology. Triggers: user says "install", "package", "dependency", "upgrade", "latest version", "add package", "npm install", "pnpm add", "what version", "which library", "tech stack", "choose framework".
Use this skill when a task would benefit from parallel execution across multiple AI agents, or when orchestrating leader/worker patterns in WrongStack. Triggers: user says "fan out", "parallel", "delegate", "subagent", "fleet", "coordinator".
Use this skill when designing, reviewing, or refactoring REST APIs in WrongStack. Triggers: user says "API", "endpoint", "REST", "request", "response", "JSON", "HTTP", "status code", "pagination", "query params", "request body".
Use this skill when analyzing WrongStack session logs, event streams, or system traces to surface patterns, anomalies, or operational insights. Triggers: user says "audit", "session analysis", "log analysis", "usage patterns".
Use this skill when scanning source code for bugs, anti-patterns, code smells, or quality issues in a WrongStack project. Triggers: user says "bug", "bug hunt", "scan for issues", "find problems", "anti-pattern", "code smell", "static analysis".
Use this skill when proposing, reviewing, or troubleshooting git commits, branches, pull requests, or merge strategies in a WrongStack project session. Triggers: user mentions "commit", "branch", "PR", "merge", "rebase", "stash", "diff".
| name | docker-deploy |
| description | Use this skill when building, containerizing, or deploying WrongStack with Docker. Triggers: user says "docker", "container", "dockerfile", "image", "docker-compose", "deploy", "containerize", "registry", "multi-stage", "distroless". |
| version | 1.0.0 |
Containerizes and deploys WrongStack with Docker. WrongStack is a Node.js CLI tool — containerize it for CI/CD, cloud deployment, or self-hosted setups. Use multi-stage builds to keep images small and distroless base images for security.
node:* base image with pinned version — not node:latest.docker healthcheck pointing to the CLI's self-check command.wrongstack:$GIT_SHA — never latest in production.trivy image or docker scout before push..dockerignore to exclude node_modules, dist, .git, *.test.ts.# ✅ Multi-stage build — small production image
FROM node:22-alpine AS builder
WORKDIR /app
COPY package.json pnpm-lock.yaml .pnpmfile.cjs ./
RUN corepack enable && pnpm install --frozen-lockfile
COPY . .
RUN pnpm build
FROM node:22-alpine AS runtime
WORKDIR /app
# Copy only what's needed
COPY --from=builder /app/packages/cli/dist ./dist/
COPY --from=builder /app/node_modules ./node_modules/
COPY --from=builder /app/packages/cli/package.json ./
# Non-root user
RUN addgroup -S wrongstack && adduser -S wrongstack -G wrongstack
USER wrongstack
ENTRYPOINT ["node", "dist/index.js"]
# ✅ docker-compose.yml — development
version: '3.9'
services:
wrongstack:
build:
context: .
dockerfile: Dockerfile
environment:
- WRONGSTACK_CONFIG_DIR=/app/.wrongstack
- WRONGSTACK_SESSION_ROOT=/app/sessions
volumes:
- .:/app
- wrongstack-data:/app/.wrongstack
stdin_open: true
tty: true
volumes:
wrongstack-data:
# ✅ Build with git SHA tag
IMAGE_TAG="wrongstack:$(git rev-parse --short HEAD)"
docker build -t "$IMAGE_TAG" .
docker tag "$IMAGE_TAG" "registry.example.com/wrongstack:$IMAGE_TAG"
docker push "registry.example.com/wrongstack:$IMAGE_TAG"
# ❌ Running as root
FROM node:22
WORKDIR /app
COPY . .
RUN npm install && npm run build
ENTRYPOINT ["npm", "start"]
# ❌ No .dockerignore — copies everything
# node_modules, .git, dist/ end up in the image
# ❌ Secrets baked into image
ARG API_KEY
RUN echo $API_KEY > /app/config.key # ❌
| Practice | Why |
|---|---|
| Pin base image version | node:22-alpine not node:latest |
| Multi-stage build | 1GB → ~150MB image size |
| Non-root user | Security: container compromise ≠ host root |
.dockerignore | Smaller image, faster builds |
No latest tag | Reproducibility — you always know which SHA |
| Health check | Kubernetes/docker-compose health monitoring |
# Required at runtime
WRONGSTACK_CONFIG_DIR=/app/.wrongstack
WRONGSTACK_SESSION_ROOT=/app/sessions
# Optional
WRONGSTACK_PROVIDER=anthropic
WRONGSTACK_MODEL=claude-3-5-sonnet-20241022
WRONGSTACK_API_KEY=${ANTHROPIC_API_KEY} # from secrets manager
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD node dist/index.js diag-doctor || exit 1
# Scan before push
trivy image wrongstack:$GIT_SHA
# Block critical vulnerabilities
trivy image --exit-code 1 --ignore-unfixed --severity HIGH,CRITICAL wrongstack:$GIT_SHA
packages/cli/dist/index.js after build.pnpm -r build before docker build.WRONGSTACK_SESSION_ROOT — mount a volume for persistence.WRONGSTACK_CONFIG_DIR — mount for config persistence across restarts.security-scanner — for scanning Dockerfiles and container configs for vulnerabilitiesgit-flow — for tagging releases and managing Docker image versionsnode-modern — for Node.js-specific containerization patternsobservability — for logging and tracing in containerized environments