fix: align root docs and lab preparation cleanup

README.md

@@ -106,7 +106,7 @@ Configura Docker Volumes e MinIO per storage S3-compatible.
 - Volumes named e bind mounts
 - MinIO come S3 locale
 - Parallelismo: Docker Volumes -> EBS, MinIO -> S3
-- **Test:** 6/6 verifiche passate (100%)
+- **Test:** verifica finale disponibile nel lab (`bash tests/99-final-verification.sh`)
 
 **Documentazione:** [Tutorial](labs/lab-04-storage/tutorial/) | [How-to](labs/lab-04-storage/how-to-guides/) | [Reference](labs/lab-04-storage/reference/) | [Explanation](labs/lab-04-storage/explanation/)
 
@@ -115,7 +115,7 @@ Deploy PostgreSQL in rete privata con persistenza dati.
 - Container database in rete isolata
 - Backup e restore dei dati
 - Parallelismo: PostgreSQL container -> RDS, Volume -> Snapshot
-- **Test:** 7/7 verifiche passate (100%)
+- **Test:** verifica finale disponibile nel lab (`bash tests/99-final-verification.sh`)
 
 **Documentazione:** [Tutorial](labs/lab-05-database/tutorial/) | [How-to](labs/lab-05-database/how-to-guides/) | [Reference](labs/lab-05-database/reference/) | [Explanation](labs/lab-05-database/explanation/)
 
@@ -200,14 +200,14 @@ Per pulire invece tutto l'ambiente Docker locale:
 
 Questo corso segue principi di sicurezza rigorosi:
 
-1. **Minimo Privilegio**: I container non girano mai come root
+1. **Minimo Privilegio**: dove previsto, il processo principale del servizio non deve girare come root
 2. **Isolamento di Rete**: Le reti private non espongono porte sull'host
 3. **Limiti di Risorse**: Ogni container ha limiti CPU e memoria configurati
 4. **Persistenza**: I dati sopravvivono al riavvio dei container
 
 ## Roadmap
 
-### Progresso Complessivo: 100% (6/10 Phase completate)
+### Progresso Complessivo: 5 laboratori core completati
 
 | Phase | Stato | Descrizione |
 |-------|------|------------|

TROUBLESHOOTING.md

@@ -162,9 +162,12 @@ curl http://localhost:9000/minio/health/live
 docker exec lab05-db pg_isready -U lab05_user
 ```
 
-**Soluzione:** Il database è in rete privata. Usa container app per connetterti:
+**Soluzione:** Il database è in rete privata. Usa un client PostgreSQL nella stessa rete privata:
 ```bash
-docker exec lab05-app psql -h db -U lab05_user -d lab05_db
+docker run --rm --network lab05-vpc-private \
+  -e PGPASSWORD=lab05_password \
+  postgres:16-alpine \
+  psql -h db -U lab05_user -d lab05_db
 ```
 
 #### Connessione dal host fallisce

scripts/prepare-lab.sh

@@ -45,7 +45,7 @@ Options:
 
 What this script targets:
   - Containers named lab01*, lab02-*, lab03-*, lab04-*, lab05-*
-  - Networks named lab02-vpc-*, lab05-vpc-*, lab-04-storage_default
+  - Networks named lab-01-iam_default, lab-03-compute_default, lab-04-storage_default, lab02-vpc-*, lab05-vpc-*
   - Volumes named lab-02-network_*, lab-03-compute_*, lab-04-storage_*, lab-05-database_*
 
 Examples:
@@ -82,7 +82,7 @@ while [ $# -gt 0 ]; do
 done
 
 mapfile -t COURSE_CONTAINERS < <(docker ps -a --format '{{.ID}} {{.Names}}' 2>/dev/null | grep -E '^[0-9a-f]+ (lab01|lab02-|lab03-|lab04-|lab05-)' | cut -d' ' -f1)
-mapfile -t COURSE_NETWORKS < <(docker network ls --format '{{.Name}}' 2>/dev/null | grep -E '^(lab02-vpc-|lab05-vpc-|lab-04-storage_default)' || true)
+mapfile -t COURSE_NETWORKS < <(docker network ls --format '{{.Name}}' 2>/dev/null | grep -E '^(lab02-vpc-|lab05-vpc-|lab-01-iam_default|lab-03-compute_default|lab-04-storage_default)' || true)
 mapfile -t COURSE_VOLUMES < <(docker volume ls --format '{{.Name}}' 2>/dev/null | grep -E '^lab-(02-network|03-compute|04-storage|05-database)_' || true)
 
 echo "=========================================="
@@ -123,19 +123,31 @@ run_or_print() {
 
 if [ ${#COURSE_CONTAINERS[@]} -gt 0 ]; then
     print_info "Removing course containers..."
-    run_or_print "remove containers" docker rm -f "${COURSE_CONTAINERS[@]}" >/dev/null 2>&1 || true
+    if [ "$DRY_RUN" = true ]; then
+        run_or_print "remove containers" docker rm -f "${COURSE_CONTAINERS[@]}"
+    else
+        docker rm -f "${COURSE_CONTAINERS[@]}" >/dev/null 2>&1 || true
+    fi
     print_success "Processed ${#COURSE_CONTAINERS[@]} container(s)"
 fi
 
 if [ ${#COURSE_NETWORKS[@]} -gt 0 ]; then
     print_info "Removing course networks..."
-    run_or_print "remove networks" docker network rm "${COURSE_NETWORKS[@]}" >/dev/null 2>&1 || true
+    if [ "$DRY_RUN" = true ]; then
+        run_or_print "remove networks" docker network rm "${COURSE_NETWORKS[@]}"
+    else
+        docker network rm "${COURSE_NETWORKS[@]}" >/dev/null 2>&1 || true
+    fi
     print_success "Processed ${#COURSE_NETWORKS[@]} network(s)"
 fi
 
 if [ "$KEEP_VOLUMES" = false ] && [ ${#COURSE_VOLUMES[@]} -gt 0 ]; then
     print_info "Removing course volumes..."
-    run_or_print "remove volumes" docker volume rm "${COURSE_VOLUMES[@]}" >/dev/null 2>&1 || true
+    if [ "$DRY_RUN" = true ]; then
+        run_or_print "remove volumes" docker volume rm "${COURSE_VOLUMES[@]}"
+    else
+        docker volume rm "${COURSE_VOLUMES[@]}" >/dev/null 2>&1 || true
+    fi
     print_success "Processed ${#COURSE_VOLUMES[@]} volume(s)"
 elif [ "$KEEP_VOLUMES" = true ]; then
     print_info "Skipping volume removal as requested"