Commit 3a0f7cf906fe

@@ -0,0 +1,83 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p jq
+# shellcheck shell=bash
+
+# DetectRuntime.sh - Detect Docker or Podman runtime and return information
+# Usage: DetectRuntime.sh [--json]
+
+set -euo pipefail
+
+detect_runtime() {
+    local runtime=""
+    local compose=""
+    local version=""
+    local rootless="false"
+    local socket=""
+
+    # Check for Podman first (preference for rootless)
+    if command -v podman &>/dev/null; then
+        runtime="podman"
+        version=$(podman --version | awk '{print $3}')
+
+        # Check if running rootless
+        if podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null | grep -q "true"; then
+            rootless="true"
+            socket="unix://$XDG_RUNTIME_DIR/podman/podman.sock"
+        else
+            rootless="false"
+            socket="unix:///run/podman/podman.sock"
+        fi
+
+        # Check for podman-compose
+        if command -v podman-compose &>/dev/null; then
+            compose="podman-compose"
+        elif command -v docker-compose &>/dev/null; then
+            compose="docker-compose"
+        else
+            compose="none"
+        fi
+    # Fall back to Docker
+    elif command -v docker &>/dev/null; then
+        runtime="docker"
+        version=$(docker --version | awk '{print $3}' | tr -d ',')
+        rootless="false"
+        socket="unix:///var/run/docker.sock"
+
+        # Check for docker-compose
+        if docker compose version &>/dev/null; then
+            compose="docker-compose-plugin"
+        elif command -v docker-compose &>/dev/null; then
+            compose="docker-compose"
+        else
+            compose="none"
+        fi
+    else
+        echo "ERROR: Neither Docker nor Podman found in PATH" >&2
+        exit 1
+    fi
+
+    # Output format
+    if [[ "${1:-}" == "--json" ]]; then
+        jq -n \
+            --arg runtime "$runtime" \
+            --arg version "$version" \
+            --arg compose "$compose" \
+            --arg rootless "$rootless" \
+            --arg socket "$socket" \
+            '{
+                runtime: $runtime,
+                version: $version,
+                compose: $compose,
+                rootless: ($rootless == "true"),
+                socket: $socket
+            }'
+    else
+        echo "Runtime: $runtime"
+        echo "Version: $version"
+        echo "Compose: $compose"
+        echo "Rootless: $rootless"
+        echo "Socket: $socket"
+    fi
+}
+
+detect_runtime "$@"

@@ -0,0 +1,111 @@
+# BuildImage Workflow
+
+Build container images with best practices for Docker or Podman.
+
+## Process
+
+1. **Detect Runtime**
+   - Run `DetectRuntime.sh` to determine Docker/Podman
+   - Identify available build tools (buildx, buildah)
+
+2. **Analyze Context**
+   - Check for existing Dockerfile
+   - If no Dockerfile exists, ask user if they want to create one
+   - Review Dockerfile for best practices
+
+3. **Determine Build Strategy**
+   - Single-stage vs multi-stage build
+   - Build arguments needed
+   - Target platform(s)
+   - Tags to apply
+
+4. **Build Image**
+   - Use detected runtime (docker/podman)
+   - Apply appropriate tags
+   - Show build progress
+   - Handle build errors
+
+5. **Post-Build Actions**
+   - Display image size
+   - Show image layers (if requested)
+   - Suggest optimizations if image is large
+   - Offer to run security scan
+
+## Best Practices to Check
+
+### Dockerfile Quality
+- [ ] Uses specific base image tags (not `latest`)
+- [ ] Minimizes number of layers
+- [ ] Uses multi-stage builds where appropriate
+- [ ] Runs as non-root user
+- [ ] Has .dockerignore file
+- [ ] No secrets embedded
+- [ ] Proper layer ordering (least to most frequently changed)
+
+### Build Optimization
+- [ ] Leverages build cache effectively
+- [ ] Combines RUN commands where appropriate
+- [ ] Cleans up in the same layer
+- [ ] Uses minimal base images
+
+## Example Commands
+
+### Docker
+```bash
+# Basic build
+docker build -t myapp:latest .
+
+# Build with arguments
+docker build --build-arg VERSION=1.0 -t myapp:1.0 .
+
+# Build with specific target
+docker build --target production -t myapp:prod .
+
+# Build with no cache
+docker build --no-cache -t myapp:latest .
+```
+
+### Podman
+```bash
+# Basic build
+podman build -t myapp:latest .
+
+# Build with arguments
+podman build --build-arg VERSION=1.0 -t myapp:1.0 .
+
+# Build with specific target
+podman build --target production -t myapp:prod .
+
+# Build with no cache
+podman build --no-cache -t myapp:latest .
+```
+
+## Common Issues
+
+**Issue**: Build fails with permission denied
+- **Docker**: User not in docker group or daemon not running
+- **Podman**: Check rootless permissions, may need `podman system migrate`
+
+**Issue**: Large image size
+- Suggest multi-stage builds
+- Recommend OptimizeImage workflow
+
+**Issue**: Build cache not working
+- Check layer ordering
+- Verify .dockerignore excludes changing files
+
+## Output Format
+
+After successful build:
+```
+✓ Image built successfully
+  Runtime: docker/podman
+  Image: myapp:latest
+  Size: 125 MB
+  Build time: 45s
+
+Next steps:
+  - Run the image: docker run myapp:latest
+  - Scan for vulnerabilities: [trigger SecurityScan]
+  - Push to registry: [trigger RegistryManage]
+```

@@ -0,0 +1,416 @@
+# BuildMultiArch Workflow
+
+Build container images for multiple CPU architectures (AMD64, ARM64, ARM/v7, etc.).
+
+## Process
+
+1. **Detect Runtime and Builder**
+   - Run `DetectRuntime.sh` to determine Docker/Podman
+   - Check for buildx (Docker) or buildah (Podman)
+
+2. **Determine Target Platforms**
+   - Common: linux/amd64, linux/arm64, linux/arm/v7
+   - User-specified platforms
+
+3. **Setup Multi-Arch Builder**
+   - Create/use buildx builder (Docker)
+   - Configure QEMU for cross-compilation
+
+4. **Build for Multiple Platforms**
+   - Build image for each platform
+   - Create manifest list
+   - Optionally push to registry
+
+5. **Verify Build**
+   - Check manifest
+   - Verify platforms
+
+## Docker with Buildx
+
+### Setup
+
+**Install QEMU (if not present):**
+```bash
+docker run --privileged --rm tonistiigi/binfmt --install all
+```
+
+**Create builder:**
+```bash
+docker buildx create --name multiarch --driver docker-container --use
+docker buildx inspect --bootstrap
+```
+
+**List available platforms:**
+```bash
+docker buildx inspect --bootstrap | grep Platforms
+```
+
+### Build Multi-Arch Image
+
+**Build for multiple platforms:**
+```bash
+docker buildx build \
+  --platform linux/amd64,linux/arm64,linux/arm/v7 \
+  -t myregistry/myapp:latest \
+  --push \
+  .
+```
+
+**Build and load locally (single platform):**
+```bash
+docker buildx build \
+  --platform linux/arm64 \
+  -t myapp:arm64 \
+  --load \
+  .
+```
+
+**Build without pushing:**
+```bash
+docker buildx build \
+  --platform linux/amd64,linux/arm64 \
+  -t myregistry/myapp:latest \
+  .
+```
+
+**Build with output to registry:**
+```bash
+docker buildx build \
+  --platform linux/amd64,linux/arm64,linux/arm/v7 \
+  -t myregistry/myapp:latest \
+  --push \
+  .
+```
+
+### Advanced Buildx
+
+**Use specific builder:**
+```bash
+docker buildx build \
+  --builder multiarch \
+  --platform linux/amd64,linux/arm64 \
+  -t myapp:latest \
+  .
+```
+
+**Build with cache:**
+```bash
+docker buildx build \
+  --platform linux/amd64,linux/arm64 \
+  --cache-from type=registry,ref=myregistry/myapp:buildcache \
+  --cache-to type=registry,ref=myregistry/myapp:buildcache,mode=max \
+  -t myregistry/myapp:latest \
+  --push \
+  .
+```
+
+**Build different tags per platform:**
+```bash
+docker buildx build \
+  --platform linux/amd64 \
+  -t myregistry/myapp:amd64 \
+  --push \
+  .
+
+docker buildx build \
+  --platform linux/arm64 \
+  -t myregistry/myapp:arm64 \
+  --push \
+  .
+```
+
+### Manage Builders
+
+**List builders:**
+```bash
+docker buildx ls
+```
+
+**Remove builder:**
+```bash
+docker buildx rm multiarch
+```
+
+**Use default builder:**
+```bash
+docker buildx use default
+```
+
+## Podman with Buildah
+
+### Setup
+
+**Install QEMU:**
+```bash
+# On host system (requires root/sudo)
+sudo dnf install qemu-user-static  # Fedora/RHEL
+sudo apt install qemu-user-static  # Debian/Ubuntu
+
+# Or with Podman
+podman run --rm --privileged multiarch/qemu-user-static --reset -p yes
+```
+
+### Build Multi-Arch Image
+
+**Build for specific platform:**
+```bash
+podman build \
+  --platform linux/arm64 \
+  -t myapp:arm64 \
+  .
+```
+
+**Build for multiple platforms (requires manifest):**
+```bash
+# Build for each platform separately
+podman build --platform linux/amd64 -t myapp:amd64 .
+podman build --platform linux/arm64 -t myapp:arm64 .
+podman build --platform linux/arm/v7 -t myapp:armv7 .
+
+# Create manifest
+podman manifest create myapp:latest
+
+# Add images to manifest
+podman manifest add myapp:latest myapp:amd64
+podman manifest add myapp:latest myapp:arm64
+podman manifest add myapp:latest myapp:armv7
+
+# Push manifest
+podman manifest push myapp:latest docker://myregistry/myapp:latest
+```
+
+**Using buildah directly:**
+```bash
+# Build for ARM64
+buildah bud --arch arm64 -t myapp:arm64 .
+
+# Build for AMD64
+buildah bud --arch amd64 -t myapp:amd64 .
+```
+
+## Common Platforms
+
+| Platform | Description | Use Case |
+|----------|-------------|----------|
+| linux/amd64 | 64-bit x86 | Standard servers, desktops |
+| linux/arm64 | 64-bit ARM | Raspberry Pi 4, Apple Silicon, AWS Graviton |
+| linux/arm/v7 | 32-bit ARM v7 | Raspberry Pi 2/3, older ARM devices |
+| linux/arm/v6 | 32-bit ARM v6 | Raspberry Pi Zero/1 |
+| linux/386 | 32-bit x86 | Legacy systems |
+| linux/ppc64le | PowerPC 64-bit LE | IBM POWER systems |
+| linux/s390x | IBM Z | Mainframes |
+
+## Dockerfile Considerations
+
+### Platform-Specific Build
+
+**Using build arguments:**
+```dockerfile
+FROM --platform=$BUILDPLATFORM golang:1.21-alpine AS builder
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /app
+COPY . .
+
+# Build for target platform
+RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o app .
+
+FROM --platform=$TARGETPLATFORM alpine:latest
+COPY --from=builder /app/app /app
+ENTRYPOINT ["/app"]
+```
+
+**Platform-specific base images:**
+```dockerfile
+# Multi-stage with platform awareness
+FROM --platform=$BUILDPLATFORM golang:1.21 AS builder
+ARG TARGETARCH
+
+WORKDIR /src
+COPY . .
+RUN CGO_ENABLED=0 GOARCH=$TARGETARCH go build -o app
+
+FROM alpine:latest
+COPY --from=builder /src/app /app
+CMD ["/app"]
+```
+
+**Conditional platform logic:**
+```dockerfile
+FROM alpine:latest
+
+ARG TARGETARCH
+
+# Install platform-specific packages
+RUN if [ "$TARGETARCH" = "arm64" ]; then \
+      echo "Installing ARM64 packages"; \
+    elif [ "$TARGETARCH" = "amd64" ]; then \
+      echo "Installing AMD64 packages"; \
+    fi
+
+COPY app /app
+CMD ["/app"]
+```
+
+## Verify Multi-Arch Images
+
+### Inspect Manifest
+
+**Docker:**
+```bash
+# Inspect manifest list
+docker buildx imagetools inspect myregistry/myapp:latest
+
+# Should show multiple platforms
+docker manifest inspect myregistry/myapp:latest
+```
+
+**Podman:**
+```bash
+# Inspect manifest
+podman manifest inspect myapp:latest
+
+# Show manifest details with skopeo
+skopeo inspect docker://myregistry/myapp:latest
+```
+
+### Test Platform-Specific Images
+
+**Run specific platform:**
+```bash
+# Force ARM64 on AMD64 host
+docker run --platform linux/arm64 myregistry/myapp:latest
+
+# Force AMD64 on ARM64 host
+docker run --platform linux/amd64 myregistry/myapp:latest
+```
+
+**Verify architecture inside container:**
+```bash
+docker run --rm myregistry/myapp:latest uname -m
+# Should show: x86_64, aarch64, armv7l, etc.
+```
+
+## Best Practices
+
+### Optimization
+
+1. **Use multi-stage builds:**
+   - Separate build and runtime stages
+   - Smaller final images
+
+2. **Leverage build cache:**
+   - Use remote cache for faster builds
+   - Order layers appropriately
+
+3. **Platform-specific optimizations:**
+   - Different base images for different architectures
+   - Conditional compilation flags
+
+### CI/CD Integration
+
+**GitHub Actions:**
+```yaml
+- name: Set up QEMU
+  uses: docker/setup-qemu-action@v2
+
+- name: Set up Docker Buildx
+  uses: docker/setup-buildx-action@v2
+
+- name: Build and push
+  uses: docker/build-push-action@v4
+  with:
+    platforms: linux/amd64,linux/arm64,linux/arm/v7
+    push: true
+    tags: myregistry/myapp:latest
+```
+
+**GitLab CI:**
+```yaml
+build-multiarch:
+  image: docker:latest
+  services:
+    - docker:dind
+  before_script:
+    - docker buildx create --use
+    - docker buildx install
+  script:
+    - docker buildx build
+      --platform linux/amd64,linux/arm64
+      -t myregistry/myapp:latest
+      --push .
+```
+
+### Testing
+
+- Test on actual hardware when possible
+- Use QEMU for cross-platform testing
+- Verify critical functionality on each platform
+- Check performance characteristics
+
+## Common Issues
+
+**Issue**: Build very slow for non-native platforms
+- **Cause**: QEMU emulation overhead
+- **Solution**: Use native builders (build on ARM for ARM), or accept slower builds
+
+**Issue**: Build fails with "exec format error"
+- **Cause**: QEMU not configured
+- **Solution**: Run `docker run --privileged --rm tonistiigi/binfmt --install all`
+
+**Issue**: Cannot load multi-platform image locally
+- **Cause**: Local load only supports single platform
+- **Solution**: Use `--platform` to specify one platform, or push to registry
+
+**Issue**: Different behavior on different platforms
+- **Cause**: Platform-specific dependencies or binaries
+- **Solution**: Review Dockerfile, ensure cross-platform compatibility
+
+**Issue**: Manifest push fails
+- **Cause**: Authentication or manifest format issues
+- **Solution**: Verify registry supports manifest lists, check credentials
+
+## Output Format
+
+After multi-arch build:
+```
+✓ Multi-architecture image built successfully
+  Runtime: docker buildx / podman
+  Image: myregistry/myapp:latest
+
+  Platforms built:
+    - linux/amd64 (152 MB)
+    - linux/arm64 (148 MB)
+    - linux/arm/v7 (145 MB)
+
+  Total build time: 8m 32s
+
+  Manifest pushed to: myregistry/myapp:latest
+
+  Verify:
+    docker buildx imagetools inspect myregistry/myapp:latest
+
+  Test platforms:
+    docker run --platform linux/amd64 myregistry/myapp:latest
+    docker run --platform linux/arm64 myregistry/myapp:latest
+```
+
+## Quick Reference
+
+```bash
+# Docker Buildx
+docker buildx create --name multiarch --use
+docker buildx build --platform linux/amd64,linux/arm64 -t myapp:latest --push .
+docker buildx imagetools inspect myregistry/myapp:latest
+
+# Podman Manifest
+podman build --platform linux/amd64 -t myapp:amd64 .
+podman build --platform linux/arm64 -t myapp:arm64 .
+podman manifest create myapp:latest
+podman manifest add myapp:latest myapp:amd64
+podman manifest add myapp:latest myapp:arm64
+podman manifest push myapp:latest docker://myregistry/myapp:latest
+```

@@ -0,0 +1,335 @@
+# CleanupResources Workflow
+
+Clean up unused containers, images, volumes, and networks to reclaim disk space.
+
+## Process
+
+1. **Detect Runtime**
+   - Run `DetectRuntime.sh` to determine Docker/Podman
+
+2. **Assess Current Usage**
+   - Show disk usage: `docker system df` / `podman system df`
+   - Identify reclaimable space
+
+3. **Determine Cleanup Scope**
+   - Containers (stopped)
+   - Images (unused/dangling)
+   - Volumes (unused)
+   - Networks (unused)
+   - Build cache
+
+4. **Preview What Will Be Removed**
+   - Show items to be removed
+   - Estimate space to be reclaimed
+   - **Ask for user confirmation before proceeding**
+
+5. **Execute Cleanup**
+   - Run appropriate prune commands
+   - Show space reclaimed
+
+## Check Disk Usage
+
+**System-wide overview:**
+```bash
+docker system df
+podman system df
+```
+
+**Detailed view:**
+```bash
+docker system df -v
+podman system df -v
+```
+
+## Cleanup Operations
+
+### Containers
+
+**Remove all stopped containers:**
+```bash
+docker container prune
+podman container prune
+```
+
+**Remove specific container:**
+```bash
+docker rm container_name
+podman rm container_name
+```
+
+**Remove all containers (dangerous!):**
+```bash
+# Stop all first
+docker stop $(docker ps -aq)
+docker rm $(docker ps -aq)
+
+podman stop -a
+podman rm -a
+```
+
+### Images
+
+**Remove dangling images (untagged):**
+```bash
+docker image prune
+podman image prune
+```
+
+**Remove unused images:**
+```bash
+docker image prune -a
+podman image prune -a
+```
+
+**Remove specific image:**
+```bash
+docker rmi image_name:tag
+podman rmi image_name:tag
+```
+
+**Remove all images (dangerous!):**
+```bash
+docker rmi $(docker images -q)
+podman rmi -a
+```
+
+### Volumes
+
+**Remove unused volumes:**
+```bash
+docker volume prune
+podman volume prune
+```
+
+**Remove specific volume:**
+```bash
+docker volume rm volume_name
+podman volume rm volume_name
+```
+
+**Remove all volumes (dangerous!):**
+```bash
+docker volume rm $(docker volume ls -q)
+podman volume rm -a
+```
+
+### Networks
+
+**Remove unused networks:**
+```bash
+docker network prune
+podman network prune
+```
+
+**Remove specific network:**
+```bash
+docker network rm network_name
+podman network rm network_name
+```
+
+### Build Cache
+
+**Clear build cache:**
+```bash
+docker builder prune
+podman system prune --all --volumes
+```
+
+**Clear all build cache (more aggressive):**
+```bash
+docker builder prune -a
+```
+
+### Complete System Cleanup
+
+**Prune everything (containers, images, volumes, networks):**
+```bash
+docker system prune -a --volumes
+podman system prune -a --volumes
+```
+
+**With force (skip confirmation):**
+```bash
+docker system prune -a --volumes -f
+podman system prune -a --volumes -f
+```
+
+## Safe Cleanup Strategy
+
+### Step-by-Step Approach
+
+1. **Start conservative:**
+   ```bash
+   # Remove stopped containers
+   docker container prune
+
+   # Remove dangling images
+   docker image prune
+   ```
+
+2. **Then volumes:**
+   ```bash
+   # Review volumes first
+   docker volume ls
+
+   # Remove unused
+   docker volume prune
+   ```
+
+3. **Finally unused images:**
+   ```bash
+   # This removes images not used by any container
+   docker image prune -a
+   ```
+
+4. **Build cache (if needed):**
+   ```bash
+   docker builder prune
+   ```
+
+### Filter by Age
+
+**Remove containers stopped more than 24 hours ago:**
+```bash
+docker container prune --filter "until=24h"
+podman container prune --filter "until=24h"
+```
+
+**Remove images created more than 7 days ago:**
+```bash
+docker image prune -a --filter "until=168h"
+podman image prune -a --filter "until=168h"
+```
+
+### Filter by Label
+
+**Remove containers with specific label:**
+```bash
+docker container prune --filter "label=project=myapp"
+podman container prune --filter "label=project=myapp"
+```
+
+## Best Practices
+
+### Regular Maintenance
+- Run cleanup weekly or monthly
+- Use automation (cron job)
+- Monitor disk usage
+
+### Safety Checks
+- **Always preview** what will be removed
+- **Never use `-f` (force)** without understanding impact
+- Keep tagged images you need
+- Backup important volumes before cleanup
+
+### Retention Strategy
+```bash
+# Keep images from last week
+docker image prune -a --filter "until=168h"
+
+# Keep containers stopped in last 24h
+docker container prune --filter "until=24h"
+```
+
+## Automated Cleanup
+
+### Docker System Prune with Cron
+
+```bash
+# Add to crontab (weekly cleanup)
+0 2 * * 0 docker system prune -a --volumes -f >> /var/log/docker-cleanup.log 2>&1
+```
+
+### Podman Auto-Prune
+
+```bash
+# Podman rootless with systemd timer
+systemctl --user enable --now podman-auto-update.timer
+```
+
+## Common Issues
+
+**Issue**: Important data deleted
+- **Prevention**: Always use named volumes for important data
+- **Recovery**: Check volume backups if available
+
+**Issue**: Still using too much space
+- Check for large log files: `/var/lib/docker/containers/*/*-json.log`
+- Configure log rotation:
+  ```json
+  {
+    "log-driver": "json-file",
+    "log-opts": {
+      "max-size": "10m",
+      "max-file": "3"
+    }
+  }
+  ```
+
+**Issue**: Cannot remove image in use
+- Check which containers use it: `docker ps -a --filter ancestor=image_name`
+- Stop and remove containers first
+
+**Issue**: Permission denied (Docker)
+- Use sudo or add user to docker group
+- With Podman: run as regular user (rootless)
+
+## Output Format
+
+After cleanup:
+```
+✓ Cleanup completed successfully
+  Runtime: docker/podman
+
+  Removed:
+    - Containers: 5
+    - Images: 12
+    - Volumes: 3
+    - Networks: 2
+
+  Space reclaimed: 2.5 GB
+
+  Current usage:
+    - Images: 5.2 GB
+    - Containers: 150 MB
+    - Volumes: 800 MB
+    - Build cache: 1.1 GB
+    - Total: 7.25 GB
+
+Next steps:
+  - Check usage: docker system df
+  - Schedule regular cleanup
+  - Configure log rotation
+```
+
+## Advanced Cleanup
+
+### Clean Specific Image Tags
+
+```bash
+# Remove old versions of specific image
+docker images myapp --format "{{.Tag}}" | grep -v "latest\|v1.0" | xargs -I {} docker rmi myapp:{}
+```
+
+### Clean by Pattern
+
+```bash
+# Remove all development images
+docker images | grep "\-dev" | awk '{print $3}' | xargs docker rmi
+
+# Remove unnamed images
+docker images --filter "dangling=true" -q | xargs docker rmi
+```
+
+### Podman-Specific Cleanup
+
+```bash
+# Reset entire podman storage (nuclear option)
+podman system reset
+
+# Clean up pods
+podman pod prune
+
+# Clean up specific user's containers (rootless)
+podman system prune --all
+```

@@ -0,0 +1,377 @@
+# ComposeManage Workflow
+
+Manage multi-container applications with Docker Compose or Podman Compose.
+
+## Process
+
+1. **Detect Runtime and Compose Tool**
+   - Run `DetectRuntime.sh` to determine available compose tool
+   - Check for `docker-compose`, `docker compose`, or `podman-compose`
+
+2. **Analyze Compose File**
+   - Check for `docker-compose.yml` or `compose.yaml`
+   - Validate compose file syntax
+   - Review services, networks, volumes defined
+
+3. **Determine Action**
+   - Start services (up)
+   - Stop services (down)
+   - Restart services
+   - View logs
+   - Scale services
+   - Build services
+
+4. **Execute Compose Command**
+   - Run appropriate compose command
+   - Handle environment variables
+   - Manage profiles if used
+
+5. **Verify State**
+   - Check service status
+   - Show running services
+   - Display relevant logs
+
+## Common Operations
+
+### Start Services
+
+**Start all services:**
+```bash
+docker-compose up -d
+docker compose up -d
+podman-compose up -d
+```
+
+**Start specific service:**
+```bash
+docker-compose up -d web
+docker compose up -d web
+podman-compose up -d web
+```
+
+**Start with build:**
+```bash
+docker-compose up -d --build
+docker compose up -d --build
+podman-compose up -d --build
+```
+
+**Start with specific file:**
+```bash
+docker-compose -f docker-compose.prod.yml up -d
+docker compose -f docker-compose.prod.yml up -d
+podman-compose -f docker-compose.prod.yml up -d
+```
+
+### Stop Services
+
+**Stop all services:**
+```bash
+docker-compose down
+docker compose down
+podman-compose down
+```
+
+**Stop and remove volumes:**
+```bash
+docker-compose down -v
+docker compose down -v
+podman-compose down -v
+```
+
+**Stop specific service:**
+```bash
+docker-compose stop web
+docker compose stop web
+podman-compose stop web
+```
+
+### View Status and Logs
+
+**List running services:**
+```bash
+docker-compose ps
+docker compose ps
+podman-compose ps
+```
+
+**View logs:**
+```bash
+docker-compose logs
+docker compose logs
+podman-compose logs
+```
+
+**Follow logs:**
+```bash
+docker-compose logs -f
+docker compose logs -f
+podman-compose logs -f
+```
+
+**Logs for specific service:**
+```bash
+docker-compose logs web
+docker compose logs web
+podman-compose logs web
+```
+
+### Build and Rebuild
+
+**Build all services:**
+```bash
+docker-compose build
+docker compose build
+podman-compose build
+```
+
+**Build specific service:**
+```bash
+docker-compose build web
+docker compose build web
+podman-compose build web
+```
+
+**Build with no cache:**
+```bash
+docker-compose build --no-cache
+docker compose build --no-cache
+podman-compose build --no-cache
+```
+
+### Scale Services
+
+**Scale service to multiple instances:**
+```bash
+docker-compose up -d --scale web=3
+docker compose up -d --scale web=3
+podman-compose up -d --scale web=3
+```
+
+### Execute Commands
+
+**Run command in service:**
+```bash
+docker-compose exec web bash
+docker compose exec web bash
+podman-compose exec web bash
+```
+
+**Run one-off command:**
+```bash
+docker-compose run web python manage.py migrate
+docker compose run web python manage.py migrate
+podman-compose run web python manage.py migrate
+```
+
+## Compose File Best Practices
+
+### Structure
+```yaml
+version: '3.8'
+
+services:
+  web:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8080:80"
+    environment:
+      - DATABASE_URL=postgres://db/myapp
+    depends_on:
+      - db
+    networks:
+      - app-network
+    volumes:
+      - ./app:/app
+    restart: unless-stopped
+
+  db:
+    image: postgres:16-alpine
+    environment:
+      - POSTGRES_DB=myapp
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+    volumes:
+      - db-data:/var/lib/postgresql/data
+    networks:
+      - app-network
+    secrets:
+      - db_password
+
+networks:
+  app-network:
+    driver: bridge
+
+volumes:
+  db-data:
+
+secrets:
+  db_password:
+    file: ./secrets/db_password.txt
+```
+
+### Key Points
+- Use specific image tags (not `latest`)
+- Use `.env` files for environment variables
+- Define health checks
+- Use secrets for sensitive data
+- Specify restart policies
+- Define resource limits
+- Use named volumes for persistence
+
+### Environment Variables
+
+**Using .env file:**
+```bash
+# .env
+DATABASE_URL=postgres://localhost/myapp
+SECRET_KEY=mysecret
+```
+
+**In compose file:**
+```yaml
+services:
+  web:
+    env_file:
+      - .env
+    # Or specific variables
+    environment:
+      - DATABASE_URL=${DATABASE_URL}
+```
+
+### Profiles
+
+**Define profiles:**
+```yaml
+services:
+  web:
+    # Always runs
+
+  debug:
+    profiles: ["debug"]
+    # Only runs with --profile debug
+```
+
+**Use profiles:**
+```bash
+docker-compose --profile debug up -d
+docker compose --profile debug up -d
+podman-compose --profile debug up -d
+```
+
+## Podman-Specific Considerations
+
+### Podman Compose vs Docker Compose
+
+**Podman Compose:**
+- Python-based implementation
+- Works with Podman daemon or rootless
+- May have slight syntax differences
+
+**Generate Kubernetes YAML from Compose:**
+```bash
+# Podman can generate K8s YAML
+podman-compose up
+podman generate kube mypod > pod.yaml
+```
+
+### Systemd Integration
+
+**Generate systemd unit from compose:**
+```bash
+# Start services
+podman-compose up -d
+
+# Get pod name
+podman pod ps
+
+# Generate systemd unit
+podman generate systemd --name mypod_pod --files
+
+# Move to systemd directory
+mv *.service ~/.config/systemd/user/
+
+# Enable
+systemctl --user enable --now mypod_pod.service
+```
+
+## Common Issues
+
+**Issue**: Compose file version not supported
+- Use version 3.8 or omit version (modern compose)
+- Check compose tool version
+
+**Issue**: Services can't communicate
+- Ensure services are on same network
+- Use service names as hostnames
+
+**Issue**: Port already in use
+- Check for conflicting services: `lsof -i :8080`
+- Change port mapping in compose file
+
+**Issue**: Volumes not persisting
+- Use named volumes instead of anonymous
+- Check volume definitions
+
+**Issue**: Environment variables not loading
+- Verify .env file location (same directory as compose file)
+- Check for quotes: `KEY=value` not `KEY="value"`
+
+## Output Format
+
+After compose operation:
+```
+✓ Services started successfully
+  Runtime: docker-compose / podman-compose
+  Services: 3 running
+    - web (0.0.0.0:8080->80/tcp)
+    - db (postgres:16-alpine)
+    - redis (redis:7-alpine)
+
+Next steps:
+  - View logs: docker-compose logs -f
+  - Check status: docker-compose ps
+  - Stop services: docker-compose down
+```
+
+## Advanced Features
+
+### Override Files
+
+**Use override for development:**
+```bash
+# docker-compose.override.yml automatically loaded
+docker-compose up -d
+
+# Or specify explicitly
+docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d
+```
+
+### Health Checks
+
+```yaml
+services:
+  web:
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+```
+
+### Resource Limits
+
+```yaml
+services:
+  web:
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 512M
+        reservations:
+          cpus: '0.25'
+          memory: 256M
+```

@@ -0,0 +1,479 @@
+# DebugContainer Workflow
+
+Debug and troubleshoot running or failed containers.
+
+## Process
+
+1. **Detect Runtime**
+   - Run `DetectRuntime.sh` to determine Docker/Podman
+
+2. **Identify Container**
+   - List containers to find the target
+   - Get container name or ID
+
+3. **Determine Debug Approach**
+   - View logs
+   - Inspect container configuration
+   - Execute commands inside container
+   - Check resource usage
+   - Examine network connectivity
+   - Review filesystem
+
+4. **Execute Debug Commands**
+   - Run appropriate diagnostic commands
+   - Gather relevant information
+
+5. **Analyze and Report**
+   - Identify potential issues
+   - Suggest solutions
+
+## View Logs
+
+**Show container logs:**
+```bash
+docker logs container_name
+podman logs container_name
+```
+
+**Follow logs (real-time):**
+```bash
+docker logs -f container_name
+podman logs -f container_name
+```
+
+**Show last N lines:**
+```bash
+docker logs --tail 100 container_name
+podman logs --tail 100 container_name
+```
+
+**Show logs with timestamps:**
+```bash
+docker logs -t container_name
+podman logs -t container_name
+```
+
+**Show logs since specific time:**
+```bash
+docker logs --since 2024-01-01T10:00:00 container_name
+docker logs --since 1h container_name
+podman logs --since 1h container_name
+```
+
+**Search logs:**
+```bash
+docker logs container_name 2>&1 | grep ERROR
+podman logs container_name 2>&1 | grep ERROR
+```
+
+## Execute Commands
+
+**Open shell in running container:**
+```bash
+docker exec -it container_name /bin/bash
+docker exec -it container_name /bin/sh  # if bash not available
+podman exec -it container_name /bin/bash
+```
+
+**Run specific command:**
+```bash
+docker exec container_name ls -la /app
+docker exec container_name ps aux
+podman exec container_name cat /etc/os-release
+```
+
+**Run as specific user:**
+```bash
+docker exec -u www-data -it container_name bash
+podman exec -u 1000 -it container_name bash
+```
+
+**Set environment variables:**
+```bash
+docker exec -e DEBUG=true container_name python script.py
+podman exec -e DEBUG=true container_name python script.py
+```
+
+## Inspect Container
+
+**Full container details:**
+```bash
+docker inspect container_name
+podman inspect container_name
+```
+
+**Specific field:**
+```bash
+# Get IP address
+docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name
+
+# Get state
+docker inspect -f '{{.State.Status}}' container_name
+
+# Get exit code
+docker inspect -f '{{.State.ExitCode}}' container_name
+
+# Get environment variables
+docker inspect -f '{{.Config.Env}}' container_name
+```
+
+**Container configuration:**
+```bash
+# Mounts
+docker inspect -f '{{.Mounts}}' container_name
+
+# Ports
+docker inspect -f '{{.NetworkSettings.Ports}}' container_name
+
+# Command
+docker inspect -f '{{.Config.Cmd}}' container_name
+```
+
+## Monitor Resources
+
+**Real-time stats:**
+```bash
+docker stats container_name
+podman stats container_name
+```
+
+**All containers stats:**
+```bash
+docker stats
+podman stats
+```
+
+**Stats without streaming:**
+```bash
+docker stats --no-stream
+podman stats --no-stream
+```
+
+**Format output:**
+```bash
+docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}"
+```
+
+## Check Processes
+
+**List processes in container:**
+```bash
+docker top container_name
+podman top container_name
+```
+
+**Detailed process info:**
+```bash
+docker top container_name aux
+podman top container_name aux
+```
+
+## Network Debugging
+
+**Check container IP:**
+```bash
+docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name
+```
+
+**List networks:**
+```bash
+docker network ls
+podman network ls
+```
+
+**Inspect network:**
+```bash
+docker network inspect bridge
+podman network inspect podman
+```
+
+**Test connectivity from container:**
+```bash
+docker exec container_name ping google.com
+docker exec container_name curl http://api.example.com
+docker exec container_name nc -zv database 5432
+```
+
+**Check DNS resolution:**
+```bash
+docker exec container_name nslookup database
+docker exec container_name cat /etc/resolv.conf
+```
+
+**Port mapping:**
+```bash
+docker port container_name
+podman port container_name
+```
+
+## Filesystem Debugging
+
+**Copy files from container:**
+```bash
+docker cp container_name:/path/to/file ./local/path
+podman cp container_name:/path/to/file ./local/path
+```
+
+**Copy files to container:**
+```bash
+docker cp ./local/file container_name:/path/to/destination
+podman cp ./local/file container_name:/path/to/destination
+```
+
+**Check disk usage in container:**
+```bash
+docker exec container_name df -h
+docker exec container_name du -sh /var/log
+```
+
+**View file contents:**
+```bash
+docker exec container_name cat /etc/config.yml
+docker exec container_name tail -f /var/log/app.log
+```
+
+## Container Events
+
+**Watch events:**
+```bash
+docker events
+podman events
+```
+
+**Filter events for specific container:**
+```bash
+docker events --filter container=container_name
+podman events --filter container=container_name
+```
+
+**Filter by event type:**
+```bash
+docker events --filter event=start
+docker events --filter event=die
+```
+
+## Check Health
+
+**If healthcheck configured:**
+```bash
+docker inspect -f '{{.State.Health.Status}}' container_name
+docker inspect -f '{{json .State.Health}}' container_name | jq
+```
+
+## Common Issues and Solutions
+
+### Container Exits Immediately
+
+**Check exit code:**
+```bash
+docker inspect -f '{{.State.ExitCode}}' container_name
+```
+
+**Common exit codes:**
+- 0: Success
+- 1: Application error
+- 126: Command cannot be invoked
+- 127: Command not found
+- 137: SIGKILL (killed by system, often OOM)
+- 139: SIGSEGV (segmentation fault)
+- 143: SIGTERM (graceful termination)
+
+**Check logs:**
+```bash
+docker logs container_name
+```
+
+**Run interactively to debug:**
+```bash
+docker run -it --entrypoint /bin/bash image_name
+```
+
+### Permission Issues
+
+**Check user:**
+```bash
+docker exec container_name whoami
+docker exec container_name id
+```
+
+**Check file permissions:**
+```bash
+docker exec container_name ls -la /app
+```
+
+**Run as root:**
+```bash
+docker exec -u 0 -it container_name bash
+```
+
+### Network Connectivity Issues
+
+**Test from host to container:**
+```bash
+# Get container IP
+IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name)
+ping $IP
+curl http://$IP:8080
+```
+
+**Test from container to outside:**
+```bash
+docker exec container_name ping 8.8.8.8
+docker exec container_name curl https://google.com
+```
+
+**Check port bindings:**
+```bash
+docker port container_name
+netstat -tlnp | grep 8080
+```
+
+### Memory/CPU Issues
+
+**Check resources:**
+```bash
+docker stats container_name
+```
+
+**Check if OOM killed:**
+```bash
+docker inspect -f '{{.State.OOMKilled}}' container_name
+dmesg | grep -i oom
+```
+
+**Set resource limits:**
+```bash
+docker run --memory="512m" --cpus="1.0" image_name
+```
+
+### Volume/Mount Issues
+
+**Check mounts:**
+```bash
+docker inspect -f '{{json .Mounts}}' container_name | jq
+```
+
+**Verify volume exists:**
+```bash
+docker volume ls
+docker volume inspect volume_name
+```
+
+**Check permissions:**
+```bash
+docker exec container_name ls -la /mounted/path
+```
+
+## Advanced Debugging
+
+### Attach to Container
+
+**Attach to running container (see STDOUT/STDERR):**
+```bash
+docker attach container_name
+# Detach: Ctrl+P, Ctrl+Q
+```
+
+### Use nsenter (Advanced)
+
+**Enter container namespaces:**
+```bash
+# Get container PID
+PID=$(docker inspect -f '{{.State.Pid}}' container_name)
+
+# Enter namespaces
+nsenter -t $PID -n -u -i -p /bin/bash
+```
+
+### Strace Container Process
+
+**Trace system calls:**
+```bash
+docker exec container_name strace -p 1
+```
+
+### Export Container Filesystem
+
+**Export for offline analysis:**
+```bash
+docker export container_name > container.tar
+tar -xf container.tar
+```
+
+### Commit Container State
+
+**Save current state as image:**
+```bash
+docker commit container_name debug_snapshot:latest
+```
+
+## Podman-Specific Debugging
+
+### Check Rootless Mode
+
+```bash
+podman info --format '{{.Host.Security.Rootless}}'
+```
+
+### Troubleshoot Rootless
+
+```bash
+# Check subuid/subgid
+cat /etc/subuid
+cat /etc/subgid
+
+# Migrate storage if needed
+podman system migrate
+```
+
+### Pod Debugging
+
+```bash
+# List pods
+podman pod ps
+
+# Inspect pod
+podman pod inspect pod_name
+
+# Logs for all containers in pod
+podman pod logs pod_name
+```
+
+## Output Format
+
+After debugging session:
+```
+✓ Debug information gathered
+  Runtime: docker/podman
+  Container: myapp
+  Status: running
+  Uptime: 2h 15m
+
+  Findings:
+    - CPU Usage: 45%
+    - Memory: 256MB / 512MB
+    - Network: Connected to bridge
+    - Recent errors: 3 in last hour
+
+  Logs (last 10 lines):
+    [2024-01-01 10:00:00] INFO: Application started
+    [2024-01-01 10:05:30] WARN: Database connection slow
+    [2024-01-01 10:10:15] ERROR: Failed to connect to Redis
+
+  Recommendations:
+    - Check Redis connectivity
+    - Consider increasing database timeout
+    - Monitor memory usage (50% utilized)
+```
+
+## Quick Reference
+
+```bash
+# Quick debug checklist
+docker logs container_name              # Check logs
+docker inspect container_name           # Full details
+docker exec -it container_name bash     # Get shell
+docker stats container_name             # Resource usage
+docker top container_name               # Processes
+docker port container_name              # Port mappings
+```

@@ -0,0 +1,241 @@
+# ManageContainers Workflow
+
+Start, stop, restart, inspect, and manage container lifecycle.
+
+## Process
+
+1. **Detect Runtime**
+   - Run `DetectRuntime.sh` to determine Docker/Podman
+   - Check for running containers
+
+2. **Determine Action**
+   - List containers
+   - Start new container
+   - Stop/restart existing container
+   - Remove container
+   - Inspect container details
+
+3. **Execute Container Management**
+   - Run appropriate commands
+   - Handle container naming
+   - Manage ports and volumes
+   - Set environment variables
+
+4. **Verify State**
+   - Confirm container status
+   - Show logs if issues occur
+   - Display relevant information
+
+## Common Operations
+
+### List Containers
+
+**Show all running containers:**
+```bash
+docker ps
+podman ps
+```
+
+**Show all containers (including stopped):**
+```bash
+docker ps -a
+podman ps -a
+```
+
+**Format output:**
+```bash
+docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+podman ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+```
+
+### Start Containers
+
+**Run new container:**
+```bash
+docker run -d --name myapp -p 8080:80 myapp:latest
+podman run -d --name myapp -p 8080:80 myapp:latest
+```
+
+**Run with environment variables:**
+```bash
+docker run -d --name myapp -e KEY=value myapp:latest
+podman run -d --name myapp -e KEY=value myapp:latest
+```
+
+**Run with volume mount:**
+```bash
+docker run -d --name myapp -v /host/path:/container/path myapp:latest
+podman run -d --name myapp -v /host/path:/container/path myapp:latest
+```
+
+**Run interactively:**
+```bash
+docker run -it --name myapp myapp:latest /bin/bash
+podman run -it --name myapp myapp:latest /bin/bash
+```
+
+### Stop/Restart Containers
+
+**Stop container:**
+```bash
+docker stop myapp
+podman stop myapp
+```
+
+**Stop with timeout:**
+```bash
+docker stop -t 30 myapp
+podman stop -t 30 myapp
+```
+
+**Restart container:**
+```bash
+docker restart myapp
+podman restart myapp
+```
+
+**Kill container (forceful):**
+```bash
+docker kill myapp
+podman kill myapp
+```
+
+### Remove Containers
+
+**Remove stopped container:**
+```bash
+docker rm myapp
+podman rm myapp
+```
+
+**Force remove running container:**
+```bash
+docker rm -f myapp
+podman rm -f myapp
+```
+
+**Remove all stopped containers:**
+```bash
+docker container prune
+podman container prune
+```
+
+### Inspect Containers
+
+**Show detailed information:**
+```bash
+docker inspect myapp
+podman inspect myapp
+```
+
+**Get specific field:**
+```bash
+docker inspect -f '{{.State.Status}}' myapp
+podman inspect -f '{{.State.Status}}' myapp
+```
+
+**Show resource usage:**
+```bash
+docker stats myapp
+podman stats myapp
+```
+
+## Podman-Specific Features
+
+### Rootless Containers
+```bash
+# Run rootless (default in Podman)
+podman run -d --name myapp myapp:latest
+
+# Check if rootless
+podman info --format '{{.Host.Security.Rootless}}'
+```
+
+### Systemd Integration
+```bash
+# Generate systemd unit file
+podman generate systemd --name myapp > ~/.config/systemd/user/myapp.service
+
+# Enable and start service
+systemctl --user enable --now myapp.service
+```
+
+### Pods (Kubernetes-like)
+```bash
+# Create pod
+podman pod create --name mypod -p 8080:80
+
+# Add container to pod
+podman run -d --pod mypod --name myapp myapp:latest
+
+# List pods
+podman pod ps
+
+# Stop entire pod
+podman pod stop mypod
+```
+
+## Best Practices
+
+### Container Naming
+- Use descriptive names
+- Follow consistent naming convention
+- Avoid generic names like "app" or "container"
+
+### Resource Management
+- Set memory limits: `--memory 512m`
+- Set CPU limits: `--cpus 1.5`
+- Use health checks: `--health-cmd`
+
+### Security
+- Run as non-root when possible (Podman rootless)
+- Use read-only filesystem: `--read-only`
+- Drop capabilities: `--cap-drop ALL`
+- Use security profiles: `--security-opt`
+
+### Restart Policies
+```bash
+# Always restart
+docker run -d --restart always myapp
+
+# Restart on failure
+docker run -d --restart on-failure:5 myapp
+
+# No restart
+docker run -d --restart no myapp
+```
+
+## Common Issues
+
+**Issue**: Port already in use
+- Check what's using the port: `lsof -i :8080` or `ss -tlnp | grep 8080`
+- Use different host port: `-p 8081:80`
+
+**Issue**: Container exits immediately
+- Check logs: [trigger DebugContainer]
+- Run interactively to debug: `-it`
+
+**Issue**: Permission denied (Docker)
+- Add user to docker group: `sudo usermod -aG docker $USER`
+- Or use Podman rootless
+
+**Issue**: Cannot connect to container
+- Check port mapping: `docker port myapp`
+- Verify network: `docker network inspect bridge`
+
+## Output Format
+
+After container operation:
+```
+✓ Container started successfully
+  Runtime: docker/podman
+  Name: myapp
+  Status: running
+  Ports: 0.0.0.0:8080->80/tcp
+  Uptime: 5s
+
+Next steps:
+  - Check logs: docker logs myapp
+  - Access application: curl http://localhost:8080
+  - View stats: docker stats myapp
+```