- Route Dockhand Docker access through docker-socket-proxy via
DOCKER_HOST=tcp://docker-socket-proxy:2375 instead of direct
socket mount, enforcing the security model documented in AGENTS.md
- Add POST, DELETE, ALLOW_START, ALLOW_STOP, ALLOW_RESTARTS
permissions to socket proxy for Dockhand container management
- Add deploy.resources.limits.memory to all 16 services
(128M-1024M depending on service needs)
- Add MailHog SMTP port 4019 mapping (1025 internal) so applications
can actually send test emails to MailHog
- Remove stale config/portainer/ directory
💘 Generated with Crush
Assisted-by: GLM-5.1 via Crush <crush@charm.land>
- Add .gitignore excluding generated docker-compose.yml, demo.env,
editor files, and temporary files
- Remove demo/docker-compose.yml from tracking (generated by envsubst)
- Remove demo/demo.env from tracking (contains per-machine values)
- Add demo/demo.env.template as reference for required configuration
- Remove stale config/portainer/ directory (Portainer not in stack)
💘 Generated with Crush
Assisted-by: GLM-5.1 via Crush <crush@charm.land>
