Your Docker Compose is syntactically perfect and functionally wrong. VigilGuard catches the difference.
We ran 20 Docker services for 3 weeks with MODEL_CONTEXT_LENGTH=128000. The model supports 1,000,000. Compression fired at 12% capacity. Every conversation lost 88% of available context.
No monitoring caught it. No linter flagged it. The config was valid YAML, valid Compose syntax, and completely wrong.
VigilGuard checks config INTENT, not just syntax.
```bash
pip install vigilguard

# Generate rules from your existing compose
vigilguard init

# Check your stack
vigilguard check
```

```
$ vigilguard check
PASS nginx: ports bound to 127.0.0.1
PASS nginx: healthcheck defined
WARN nginx: logging.options.max-size = 100m (rule: max 50m)
FAIL postgres: POSTGRES_PASSWORD is empty
FAIL redis: healthcheck not defined (rule: required)
PASS app: NODE_ENV = production
Summary: 3 pass, 1 warn, 2 fail
```

Create vigilguard.yml next to your docker-compose.yml:
```yaml
version: 1
rules:
  # All services must have these
  "*":
    restart: {required: true}
    healthcheck: {required: true}

  # Database must have password set
  postgres:
    environment:
      POSTGRES_PASSWORD: {not_empty: true}
    volumes: {min_count: 1}

  # All ports must be localhost-only
  "app-*":
    ports: {bind_host: "127.0.0.1"}
    environment:
      NODE_ENV: {equals: "production"}

  # Numeric ranges
  ai-agent:
    environment:
      MODEL_CONTEXT_LENGTH: {min: 500000}
    logging.options.max-size: {max: "50m"}
```

| Rule | What it checks | Example |
|---|---|---|
| `required` | Field exists | `healthcheck: {required: true}` |
| `present` | Field exists and is not empty | `SOUL_MD: {present: true}` |
| `not_empty` | Value is not blank | `PASSWORD: {not_empty: true}` |
| `equals` | Exact match | `restart: {equals: "unless-stopped"}` |
| `min` | Minimum value (numbers/sizes) | `CONTEXT_LENGTH: {min: 500000}` |
| `max` | Maximum value (numbers/sizes) | `max-size: {max: "50m"}` |
| `bind_host` | Port binding check | `ports: {bind_host: "127.0.0.1"}` |
| `min_count` | Minimum items in list | `volumes: {min_count: 1}` |

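
To make the rule types above concrete, here is a small sketch of how `required`, `not_empty`, `min`/`max` and `bind_host` could be evaluated against a parsed Compose service, including the case where a short-syntax port such as `9090:9090` silently publishes on all interfaces. It is an added example, not VigilGuard's own code; the function names, the dotted field paths and the `SERVICE` sample are assumptions.

```python
import re

UNITS = {"": 1, "b": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def to_number(value):
    """Turn 128000, "128000" or a size such as "50m" into a comparable int."""
    m = re.fullmatch(r"(\d+)([bkmg]?)", str(value).strip().lower())
    if not m:
        raise ValueError(f"not a number or size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def published_host(port):
    """Host IP of a short-syntax port mapping; Docker binds 0.0.0.0 if omitted."""
    spec = str(port).split("/")[0]          # drop "/tcp" or "/udp"
    if spec.startswith("["):                # bracketed IPv6: "[::1]:8080:80"
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else "0.0.0.0"

def lookup(service, path):
    """Follow a dotted path (an assumption of this sketch) into the service."""
    node = service
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def violations(service, path, rule):
    """Return one message per rule the field breaks; an empty list is a pass."""
    value, out = lookup(service, path), []
    if rule.get("required") and value is None:
        out.append(f"{path} not defined")
    if rule.get("not_empty") and (value is None or not str(value).strip()):
        out.append(f"{path} is empty")
    if "min" in rule and (value is None or to_number(value) < to_number(rule["min"])):
        out.append(f"{path} = {value} (rule: min {rule['min']})")
    if "max" in rule and value is not None and to_number(value) > to_number(rule["max"]):
        out.append(f"{path} = {value} (rule: max {rule['max']})")
    for port in (value or []) if "bind_host" in rule else []:
        if published_host(port) != rule["bind_host"]:
            out.append(f"{path}: {port} binds {published_host(port)}")
    return out

# Constructed sample service (already parsed from YAML), values taken from this page.
SERVICE = {
    "environment": {"MODEL_CONTEXT_LENGTH": "128000", "POSTGRES_PASSWORD": ""},
    "ports": ["127.0.0.1:8080:80", "9090:9090"],
    "logging": {"options": {"max-size": "100m"}},
}
```

Calling `violations(SERVICE, "ports", {"bind_host": "127.0.0.1"})` reports only the `9090:9090` mapping, which is the kind of valid-but-wrong setting a syntax linter accepts.
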
```bash
vigilguard check                  # human-readable table
vigilguard check --format json    # machine-readable JSON
vigilguard check --format github  # GitHub Actions annotations
```

```yaml
# .github/workflows/vigilguard.yml
name: Config Drift Check
on: [push, pull_request]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install vigilguard
      - run: vigilguard check --format github
```

DCLint checks YAML syntax and style. VigilGuard checks INTENT.

| | DCLint | VigilGuard |
|---|---|---|
| Valid YAML? | Yes | - |
| Correct indentation? | Yes | - |
| Passwords set? | - | Yes |
| Ports localhost-only? | - | Yes |
| Context length correct? | - | Yes |
| Healthchecks on all services? | - | Yes |
| Log sizes within limits? | - | Yes |
They're complementary. Use both.
Evey — an autonomous AI agent running 20 Docker services at $0/day. VigilGuard was born from a real bug that ran undetected for 3 weeks. Read the full story.
Commercial. See LICENSE for terms. Purchase at: https://evey.cc/vigilguard