orchestrix/orchestrix-core/tasks/validate-container-auto.md

Orchestrix - Universal AI Agent Framework for Coordinated AI-Driven Development

# Validate Container & Docker Integration (Auto-Execution)

## 🤖 AUTO-EXECUTION MODE (Claude Code SubAgent Default)

**Mission**: Automatically validate Docker container builds, runtime, and integration across environments

### Immediate Action Protocol:
1. **Auto-Detect Container Config**: Identify Dockerfile, docker-compose, and container configurations
2. **Auto-Build Containers**: Execute container build processes with proper caching
3. **Auto-Test Runtime**: Validate container startup, health checks, and functionality
4. **Auto-Verify Integration**: Test multi-container orchestration and networking
5. **Auto-Report**: Document container validation status in QA Results

### Non-Negotiable Requirements:
- ✅ MUST support Dockerfile, docker-compose, and Kubernetes manifests
- ✅ MUST validate container security best practices
- ✅ MUST test cross-platform compatibility where possible
- ✅ MUST verify environment variable and configuration injection
- ✅ MUST integrate with existing QA review workflow

### Auto-Halt Conditions:
- ❌ Container build failures → Report build issues, halt
- ❌ Runtime startup failures → Report runtime issues, halt
- ❌ Security vulnerabilities detected → Report security issues, halt
- ❌ Integration test failures → Report integration issues, halt

---

## 🎯 AUTOMATED CONTAINER VALIDATION ENGINE

### Container Configuration Auto-Detection:
```yaml
# Comprehensive container ecosystem detection
container_detection:
  docker_configs:
    - Dockerfile (single container builds)
    - docker-compose.yml (multi-container orchestration)
    - docker-compose.override.yml (environment-specific)
    - .dockerignore patterns
    
  orchestration_configs:
    - Kubernetes manifests (deployment.yaml, service.yaml)
    - Helm charts and values files
    - Docker Swarm configurations
    - Nomad job specifications
    
  platform_specific:
    - Cloud-native deployment configs (ECS, GKE, AKS)
    - Serverless container configurations
    - CI/CD pipeline container definitions
    
  multi_environment:
    - Development vs production configurations
    - Environment-specific variables and secrets
    - Multi-stage build configurations
```

### Container Build Auto-Process:
```yaml
# Systematic container build validation
build_validation:
  dockerfile_analysis:
    - Syntax validation and best practices check
    - Multi-stage build optimization analysis
    - Layer caching efficiency assessment
    - Security vulnerability scanning
    
  build_execution:
    - Execute `docker build` with proper tags and context
    - Support build arguments and environment variables
    - Handle build cache appropriately
    - Monitor build progress and resource usage
    
  image_quality_assessment:
    - Image size analysis and optimization recommendations
    - Layer count and composition analysis
    - Base image security and maintenance status
    - Unnecessary packages and files detection
    
  security_scanning:
    - Vulnerability scanning with trivy/docker scan
    - Secrets exposure detection
    - Privilege escalation risk assessment
    - Network exposure analysis
```

### Container Runtime Auto-Validation:
```yaml
# Comprehensive runtime testing
runtime_validation:
  container_startup:
    - Test container startup with `docker run`
    - Validate entrypoint and command execution
    - Monitor startup time and resource initialization
    - Check health check endpoint availability
    
  functionality_testing:
    - Execute basic functionality tests within container
    - Validate application endpoints and APIs
    - Test file system operations and permissions
    - Verify logging and monitoring integration
    
  resource_management:
    - Memory and CPU limit validation
    - Storage volume mounting and persistence
    - Network connectivity and port mapping
    - Environment variable injection testing
    
  graceful_shutdown:
    - Test proper signal handling and shutdown
    - Validate data persistence during restarts
    - Check cleanup processes and resource release
    - Verify log preservation during container lifecycle
```

### Multi-Container Integration Testing:
```yaml
# Orchestration and integration validation
integration_validation:
  docker_compose_testing:
    - Bring up multi-container environments
    - Test service discovery and networking
    - Validate dependency ordering and health checks
    - Test volume sharing and data persistence
    
  service_mesh_testing:
    - Validate inter-service communication
    - Test load balancing and service discovery
    - Verify circuit breaker and retry mechanisms
    - Monitor distributed tracing integration
    
  database_integration:
    - Test database connectivity and migrations
    - Validate connection pooling and performance
    - Verify data consistency and transaction handling
    - Test backup and recovery procedures
    
  external_service_integration:
    - Validate API gateway and proxy configurations
    - Test authentication and authorization flows
    - Monitor external service dependencies
    - Verify fallback and degradation behavior
```

---

## 🔧 EXECUTION LOGIC

### Container Validation Auto-Methodology:
```yaml
# Systematic container validation process
validation_execution:
  environment_preparation:
    - Verify Docker daemon availability and version
    - Check available disk space and resources
    - Validate network connectivity for image pulls
    - Setup test networks and volumes
    
  phased_validation:
    - Phase 1: Dockerfile build and image analysis
    - Phase 2: Single container runtime testing
    - Phase 3: Multi-container orchestration testing
    - Phase 4: Integration and performance testing
    
  result_categorization:
    - Success: All validation phases passed
    - Warning: Minor issues but functionally operational
    - Failure: Critical issues preventing operation
    - Environment: Docker/container platform issues
    
  automated_remediation:
    - Auto-fix common Dockerfile issues
    - Suggest image optimization techniques
    - Provide security hardening recommendations
    - Generate improved configuration templates
```

### Security & Compliance Validation:
```yaml
# Comprehensive security assessment
security_validation:
  vulnerability_scanning:
    - CVE database scanning for known vulnerabilities
    - Package dependency vulnerability analysis
    - Base image security assessment
    - Runtime security configuration checking
    
  best_practices_compliance:
    - Non-root user execution validation
    - Read-only filesystem compliance
    - Resource limit enforcement
    - Network security policy verification
    
  secrets_management:
    - Hardcoded secrets detection
    - Environment variable security validation
    - Secret injection method verification
    - Encryption at rest validation
    
  compliance_frameworks:
    - CIS Docker Benchmark compliance
    - NIST container security guidelines
    - Industry-specific compliance requirements
    - Organizational security policies
```

### Integration with QA Workflow:
```yaml
# Seamless integration with existing QA process
qa_integration:
  container_first_validation:
    - Execute early in QA process for containerized applications
    - Ensure container buildability before detailed code review
    - Block review if containerization fails
    
  results_integration:
    - Include container validation status in QA Results section
    - Document security findings and recommendations
    - Provide container optimization suggestions
    - Track container quality metrics over time
    
  devops_collaboration:
    - Generate CI/CD pipeline configurations
    - Provide container registry push instructions
    - Suggest monitoring and logging integrations
    - Recommend deployment strategy patterns
```

---

## ⚡ AUTO-VALIDATION CHECKPOINTS

### Pre-Validation Checks:
```bash
✓ Docker engine available and responsive
✓ Container configuration files detected
✓ Build context properly configured
✓ Required images accessible (base images)
✓ Test environment properly isolated
```

### Build Validation Checks:
```bash
✓ Dockerfile syntax valid and follows best practices
✓ Container builds successfully without errors
✓ Image size within acceptable limits
✓ No critical security vulnerabilities detected
✓ Multi-stage builds optimized appropriately
```

### Runtime Validation Checks:
```bash
✓ Container starts successfully and remains healthy
✓ Application functionality works as expected
✓ Resource limits properly enforced
✓ Networking and connectivity validated
✓ Logging and monitoring operational
```

### Integration Validation Checks:
```bash
✓ Multi-container orchestration works correctly
✓ Service discovery and networking operational
✓ Data persistence and volume mounting functional
✓ External integrations validated
✓ Performance meets requirements
```

---

## 📊 AUTOMATED CONTAINER VALIDATION REPORT

### Container Validation Report Auto-Template:
```markdown
## Container Validation Results

### Validation Date: {{current_date}}
### Container Platform: Docker {{docker_version}}
### Agent Model: {{ai_model_version}}

### Build Validation Summary
**Build Status**: {{SUCCESS/WARNING/FAILURE}}
**Image Size**: {{image_size}} MB
**Build Time**: {{build_time_seconds}} seconds
**Layers**: {{layer_count}} layers

### Security Assessment
{{if_security_issues}}
⚠️ **Security Findings**
**Vulnerabilities**: {{vulnerability_count}} ({{critical_count}} critical, {{high_count}} high)
**Secrets Exposure**: {{secrets_found}} potential exposures

**Critical Issues**:
{{critical_vulnerabilities}}

**Recommendations**:
{{security_remediation}}
{{end_if}}

{{if_no_security_issues}}
✅ **No Critical Security Issues**
**Scanned CVEs**: {{vulnerability_count}} (all addressed)
**Secrets**: No hardcoded secrets detected
{{end_if}}

### Runtime Validation
**Startup Success**: {{✅/❌}} ({{startup_time}} seconds)
**Health Checks**: {{✅/❌}}
**Functionality**: {{✅/❌}}
**Resource Limits**: {{✅/❌}} properly enforced

### Integration Testing
**Multi-Container**: {{✅/❌}} orchestration functional
**Networking**: {{✅/❌}} service discovery working
**Persistence**: {{✅/❌}} data volumes functional
**External Services**: {{✅/❌}} integrations validated

### Performance Metrics
- **Memory Usage**: {{memory_usage}} MB
- **CPU Utilization**: {{cpu_usage}}%
- **Network Latency**: {{network_latency}} ms
- **Response Time**: {{response_time}} ms

### Best Practices Compliance
- **Non-Root User**: {{✅/❌}}
- **Read-Only FS**: {{✅/❌}}
- **Resource Limits**: {{✅/❌}}
- **Minimal Image**: {{✅/❌}}
- **Proper Tagging**: {{✅/❌}}

### Next Steps
{{container_next_steps}}
```

---

## 🛠️ ERROR HANDLING & RECOVERY

### Container Issue Management:
```yaml
error_handling:
  build_issues:
    dockerfile_syntax: Auto-correct syntax errors or provide fixes
    dependency_issues: Suggest alternative base images or packages
    build_context: Fix path issues and context configuration
    
  runtime_issues:
    startup_failures: Analyze logs and provide startup fixes
    resource_exhaustion: Recommend resource limit adjustments
    network_config: Fix networking and port configuration
    
  security_issues:
    vulnerability_remediation: Provide specific package updates
    secrets_exposure: Recommend secrets management solutions
    privilege_issues: Suggest security hardening techniques
    
  integration_issues:
    service_discovery: Fix DNS and networking configuration
    data_persistence: Recommend volume and storage solutions
    load_balancing: Suggest service mesh or proxy configurations
```

### Quality Assurance Fallback:
```yaml
fallback_strategies:
  complex_container_issues:
    - Generate detailed diagnostic reports with logs
    - Provide manual troubleshooting steps
    - Suggest alternative containerization approaches
    - Escalate to DevOps/Infrastructure team if needed
    
  platform_specific_issues:
    - Document platform requirements and limitations
    - Provide cloud-specific container configurations
    - Suggest container orchestration platform alternatives
    - Recommend development/production environment parity
    
  performance_optimization:
    - Suggest image size reduction techniques
    - Recommend build cache optimization
    - Provide startup time improvement strategies
    - Suggest resource usage optimization
```

---

## 🎯 SUCCESS CRITERIA

### Container Validation Success Indicators:
- ✅ Container builds successfully with no errors
- ✅ No critical security vulnerabilities detected
- ✅ Runtime functionality validated successfully
- ✅ Integration testing passed across environments
- ✅ QA Results section comprehensively populated

### Quality Assurance Gates:
- **Build Quality**: Clean builds with optimized images
- **Security**: No critical vulnerabilities, proper hardening
- **Runtime**: Reliable startup and operation
- **Integration**: Seamless multi-container orchestration
- **Performance**: Meets resource and response requirements

### Approval Criteria:
- **✅ Approved - Container Valid**: All validation phases passed
- **⚠️ Warning - Review Needed**: Minor issues but operational
- **❌ Failed - Fix Required**: Critical issues preventing operation

**Integration Note**: Essential for containerized applications, should execute after compilation validation but before functional testing.