DevOps essentials — Dockerfile best practices, CI/CD patterns, deployment configuration, and container security
89
87%
Does it follow best practices?
Impact
100%
1.21x average score across 3 eval scenarios
Passed
No known issues
{
  "context": "Tests whether the agent proactively follows DevOps best practices when containerizing a full-stack application with docker-compose. The task only asks to containerize and set up docker-compose — it never mentions multi-stage builds, non-root users, health checks, environment variable patterns, or .dockerignore. A production-ready setup should have all of these.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Multi-stage build for backend",
      "description": "Backend Dockerfile uses multi-stage build: a build stage for TypeScript compilation and a production stage with only compiled output and production dependencies.",
      "max_score": 10
    },
    {
      "name": "Multi-stage build for frontend",
      "description": "Frontend Dockerfile uses multi-stage build: a build stage for Vite/React compilation and a production stage using nginx (or similar) to serve only the static files.",
      "max_score": 10
    },
    {
      "name": "Non-root user in at least one Dockerfile",
      "description": "At least one Dockerfile (preferably both) creates a non-root user and uses the USER instruction. The container does not run as root.",
      "max_score": 10
    },
    {
      "name": ".dockerignore file(s) created",
      "description": "One or more .dockerignore files are created that exclude node_modules, .git, and .env files from the Docker build context.",
      "max_score": 8
    },
    {
      "name": "Environment variables not hardcoded in docker-compose",
      "description": "Database credentials and connection strings in docker-compose.yml use environment variable references (${VAR_NAME}) or .env file references, not hardcoded plain text values. Database passwords are not visible as literal strings in the compose file.",
      "max_score": 12
    },
    {
      "name": "Health checks in docker-compose",
      "description": "At least the backend service (and ideally PostgreSQL) has a healthcheck defined in docker-compose.yml. The backend health check probes the /health endpoint.",
      "max_score": 10
    },
    {
      "name": "depends_on with health condition",
      "description": "The backend service uses depends_on with condition: service_healthy for the database, ensuring the database is ready before the backend starts.",
      "max_score": 8
    },
    {
      "name": "Persistent volume for PostgreSQL",
      "description": "PostgreSQL data is stored in a named volume (not a bind mount or ephemeral container storage) to persist data across container restarts.",
      "max_score": 8
    },
    {
      "name": "Specific base image tags",
      "description": "All FROM instructions use specific version tags (e.g., node:20-alpine, nginx:1.25-alpine, postgres:16-alpine) rather than :latest.",
      "max_score": 5
    },
    {
      "name": "Cache-efficient layer ordering",
      "description": "Both Dockerfiles copy package.json/package-lock.json before source code and install dependencies between the two COPY steps for cache efficiency.",
      "max_score": 7
    },
    {
      "name": "HEALTHCHECK in Dockerfile",
      "description": "At least one Dockerfile includes a HEALTHCHECK instruction.",
      "max_score": 5
    },
    {
      "name": ".env.example or documentation of required env vars",
      "description": "A .env.example file is provided listing all required environment variables with placeholder values, or the required variables are clearly documented.",
      "max_score": 7
    }
  ]
}