docker
ALWAYS activate when the user's query involves Docker in any way — even if it also matches other skills. If the words docker, Dockerfile, docker-compose, compose.yml, container, or image appear in the query, this skill MUST be used. Covers: writing or editing Dockerfiles and compose files, adding services (postgres, redis, etc.) to compose, volume mounts and data persistence, docker build failures (layer caching, npm install issues), healthchecks and service startup ordering (depends_on), environment variables in containers, port mapping, container crashes and exit codes (OOM/137), non-root users, multi-stage builds, image optimization, .dockerignore, and deploying to container runtimes. Takes priority over general implementation or debugging skills when Docker infrastructure is the subject.
git clone --depth 1 https://github.com/avibebuilder/claude-prime /tmp/docker && cp -r /tmp/docker/.claude/starter-skills/docker ~/.claude/skills/dockerSKILL.md
# Docker Project-specific containerization patterns for Dockerfile and Docker Compose. ## Architecture Decisions ### Image Building 1. **Minimal base images** — Use slim/alpine variants; pin to digest for reproducibility. 2. **Multi-stage builds** — Separate build dependencies from runtime. 3. **Layer optimization** — Combine RUN commands; place frequently changed files last. 4. **COPY over ADD** — ADD only for tar extraction or remote URLs. ### Security 5. **Non-root users** — Always use UID >10000; never run as root in production. 6. **No secrets in images** — Use Docker secrets or runtime env injection. 7. **.dockerignore required** — Exclude .git, .env, node_modules, build artifacts. ### Runtime 8. **One process per container** — Single responsibility principle. 9. **Healthchecks required** — Define HEALTHCHECK in Dockerfile or Compose. 10. **Resource limits** — Always set mem_limit and cpus in production. ### Compose 11. **Network segmentation** — Dedicated networks per service group. 12. **Named volumes** — Never use anonymous volumes in production. 13. **depends_on with healthchecks** — Use `condition: service_healthy`. 14. **Environment separation** — Use override files for dev/staging/prod. ## Gotchas - `COPY . .` before `RUN npm install` busts the cache on EVERY code change. Copy `package*.json` first, install, THEN copy source. - Alpine uses musl libc, not glibc. Python packages with C extensions (numpy, pandas, cryptography) may fail to install or need `apk add` build dependencies. Consider `-slim` variants if you hit this. - `ENTRYPOINT ["python", "app.py"]` (exec form) handles signals correctly. `ENTRYPOINT python app.py` (shell form) wraps in `/bin/sh -c` and PID 1 won't receive SIGTERM — containers take 10s to stop. - Docker layer cache is invalidated from the FIRST changed layer downward. A changed `COPY` near the top rebuilds everything below it. - `depends_on` without `condition: service_healthy` only waits for container START, not readiness. Your app will crash connecting to a database that's still initializing. - `host.docker.internal` works on Docker Desktop (Mac/Windows) but NOT on Linux. Use `--network host` or explicit container networking on Linux. - Build args (`ARG`) are NOT available after `FROM` in multi-stage builds unless re-declared. Each stage starts fresh. - `docker compose up` reuses existing containers. After changing `Dockerfile`, you need `docker compose up --build` or `docker compose build` first. - Volume mounts override the container's filesystem — if your `node_modules` are built inside the container but you mount `.:/app`, the host's (possibly empty) `node_modules` shadows them. Use a named volume for `node_modules`. - `EXPOSE` is documentation only — it does NOT publish the port. You still need `-p 8080:8080` or `ports:` in compose. - Docker's default bridge network does NOT provide DNS resolution between containers. Use a custom network or compose's default network. ## References | When you need... | Read | |------------------|------| | Dockerfile patterns, CMD vs ENTRYPOINT | [dockerfile.md](./references/dockerfile.md) | | Compose services, networks, volumes | [compose.md](./references/compose.md) | | Security hardening | [security.md](./references/security.md) | | Production deployment | [production.md](./references/production.md) |
Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, or automating any browser task. Triggers include requests to "open a website", "fill out a form", "click a button", "take a screenshot", "scrape data from a page", "test this web app", "login to a site", "automate browser actions", or any task requiring programmatic web interaction.
Answer questions about code, architecture, and technical decisions — no implementation. Trigger on questions asking 'why', 'what does this do', 'what is the purpose of', 'explain', 'what's the difference', 'compare', or 'what are the tradeoffs' — even when referencing specific files, code snippets, or inline code. The key signal is the user wants to UNDERSTAND something, not change it. Do NOT trigger for requests to build, fix, plan, review, research, or add/modify code.
Implement, build, create, or add any feature, endpoint, page, component, or functionality. Use this skill whenever the user asks you to write new code or make code changes — whether it's adding an API endpoint, building a UI page, creating an export feature, wiring up a webhook, implementing a search/filter, or any other hands-on coding task. This is the default skill for all 'build this', 'add this', 'create this', 'wire up', 'implement' requests. Covers the full cycle: clarify requirements, plan if needed, write code, verify, and review. Do NOT use for pure research, debugging, documentation, or explanation — only when the user wants working code delivered.
Use when the user wants to save knowledge as a file so others don't have to rediscover it — \"turn this into a doc\", \"write this up\", \"document how X works\", \"we figured this out and want to capture it\", \"nobody should have to figure this out again\". Covers any request to create or update durable written artifacts: onboarding guides, runbooks, ADRs, API docs, architecture notes, postmortems, changelogs, setup guides. The trigger: user wants knowledge captured in a file for future reference, not just a conversation. Do NOT use when still making decisions (→ give-plan), just asking for explanation without a file (→ ask), or writing code (→ cook).
Investigate unexpected behavior and mysterious bugs. Use when the cause of a problem is unknown and the user needs to understand WHY something is happening — symptoms like: sudden unexplained changes in metrics or behavior, works locally but not in staging/production, inconsistent or intermittent failures, correct code producing wrong results, operations succeeding but having no effect, environment-specific failures, duplicate executions, stale data, or any \"why did this change?\" or \"why is this happening?\" situation. Covers infrastructure anomalies (cache hit rates dropping, latency spikes, queue behavior shifts) as well as code bugs. The key signal is confusion about root cause, not a request to implement a known fix. Do NOT use for feature requests, known fixes, planning, or documentation tasks.
Brainstorms and debates approaches, then drives toward an actionable decision. Use whenever someone needs a thinking partner for a decision they're facing: 'discuss', 'debate', 'brainstorm', 'weigh options', 'tradeoffs', 'should I do X or Y', 'help me decide', 'I'm torn between', 'sanity check my thinking', or 'what do you think about'. The user must be asking for help reasoning through a choice — not asking to build, fix, evaluate, plan, or modify something (even if the topic involves this skill itself). Picks the right decision lens, surfaces tradeoffs and blind spots, pushes back when reasoning is genuinely weak, and never implements.
Fetch up-to-date documentation for any library, framework, API, or service into context. Use when the user wants to look up API references, check function signatures or required fields, find feature-specific docs, or verify how an external tool actually works. Triggers for queries about third-party libraries like Stripe, SQLAlchemy, Tailwind, FastAPI, shadcn, Drizzle, Hono, Better Auth — any time the answer lives in official docs rather than in the project codebase. Use this instead of guessing from trained knowledge, which is stale.
Fix bugs and broken behavior when there is enough evidence to act on a repair path. Use for errors, crashes, incorrect results, API failures (500, 404, 403), CORS problems, database exceptions, broken rendering, duplicated or wrong data, off-by-one mistakes, timezone/date bugs, broken forms, config-caused runtime failures, and regressions. Trigger when the user wants the bug repaired and the conversation already contains a clear failing area, a reproducible failing test, a concrete error path, or a prior diagnosis to implement. Do NOT use for new features, pure explanation, architecture discussion, broad research, or bug reports where the main need is figuring out why the behavior happens — use diagnose for that.