refactor: replace deprecated docker-compose with docker compose across repository

2026-04-09 12:15:00 +02:00
parent 64b7d49056
commit dceefe0573
33 changed files with 115 additions and 114 deletions
@@ -37,7 +37,7 @@ Requirements per il rilascio iniziale. Ogni requisito mappa a una fase della roa
 - [ ] **INF-02**: Reti private non espongono porte sull'host (127.0.0.1 max, mai 0.0.0.0)
 - [ ] **INF-03**: Tutti i container hanno limiti risorse obbligatori (cpus, mem_limit)
 - [ ] **INF-04**: Dati persistenti sopravvivono a riavvio container (named volumes)
- [x] **INF-05**: File docker-compose.yml validati con `docker-compose config` prima dell'uso
+- [x] **INF-05**: File docker-compose.yml validati con `docker compose config` prima dell'uso

 ### Git & Workflow

@@ -56,7 +56,7 @@
 1. Studente può clonare la repository e trovare istruzioni chiare per configurare Docker Engine >= 24.0 e Compose V2
 2. Studente può eseguire script di verifica ambiente che controlla Docker, utility di rete, e risorse minime
 3. Studente può eseguire comando di reset completo ambiente (cleanup volumi, reti)
-4. Ogni file docker-compose.yml può essere validato con `docker-compose config` prima dell'uso
+4. Ogni file docker-compose.yml può essere validato con `docker compose config` prima dell'uso
 5. Repository ha struttura chiara con cartelle `labs/`, `how-to-guides/`, `reference/`

 **Plans:** 2
@@ -239,7 +239,7 @@
 **Requirements:** TEST-02, TEST-03, INF-01, INF-02, INF-03, INF-04, INF-05, PARA-01, PARA-02, PARA-03, PARA-04

 **Success Criteria** (what must be TRUE):
-1. Tutti i 5 laboratori sono eseguibili end-to-end senza errori (`docker-compose up` funziona)
+1. Tutti i 5 laboratori sono eseguibili end-to-end senza errori (`docker compose up` funziona)
 2. Tutti i 4 documenti Diátaxis sono completi per ogni lab (Tutorial, How-to, Reference, Explanation)
 3. Tutti i criteri sicurezza sono verificati: no root, reti isolate, limiti risorse, persistenza dati
 4. Tutti i parallelismi cloud ↔ locale sono documentati: Docker Networks → VPC, MinIO → S3, PostgreSQL → RDS
@@ -261,7 +261,7 @@ Every v1 requirement mapped to exactly one phase:
 - SETUP-03: Specificate risorse minime consigliate (RAM, CPU)
 - SETUP-04: Fornito script di verifica ambiente (check Docker, check versioni)
 - SETUP-05: Fornito comando di reset completo ambiente (cleanup volumi, reti)
- INF-05: File docker-compose.yml validati con `docker-compose config` prima dell'uso
+- INF-05: File docker-compose.yml validati con `docker compose config` prima dell'uso

 ### Lab 01 - IAM (Phase 2)
 - LAB-01: Studente può configurare utenti Linux, gruppi e permessi per accesso Docker socket
@@ -364,7 +364,7 @@ Every v1 requirement mapped to exactly one phase:
 - INF-02: Validazione finale reti isolate
 - INF-03: Validazione finale limiti risorse
 - INF-04: Validazione finale persistenza dati
- INF-05: Validazione finale docker-compose config
+- INF-05: Validazione finale docker compose config
 - PARA-01: Validazione finale parallelismi cloud-locale
 - PARA-02: Validazione finale nomenclatura cloud
 - PARA-03: Validazione finale differenze documentate
@@ -180,7 +180,7 @@ Execute Phase 2 Plan 02 - User Implementation (GREEN phase) to make tests pass
 - [ ] Requisiti Docker Engine >= 24.0 e Compose V2 documentati
 - [ ] Script verifica ambiente funziona (check Docker, versioni, utility rete)
 - [ ] Comando cleanup/reset ambiente testato
- [ ] File docker-compose.yml possono essere validati con `docker-compose config`
+- [ ] File docker-compose.yml possono essere validati con `docker compose config`

 **General quality indicators (apply to all phases):**
 - [ ] I 4 documenti Diátaxis sono redatti con tono diretto e semplice
@@ -141,7 +141,7 @@ Since this phase sets up infrastructure and tooling, validation focuses on:
 - **Validation:** `scripts/reset-env.sh` exists and cleans all Docker artifacts
 - **Test:** After running, `docker ps` shows no containers, `docker network ls` shows only default networks

-**Success Criterion 4:** Ogni file docker-compose.yml può essere validato con `docker-compose config` prima dell'uso
+**Success Criterion 4:** Ogni file docker-compose.yml può essere validato con `docker compose config` prima dell'uso
 - **Validation:** `scripts/validate-compose.sh` exists and validates compose files
 - **Test:** Script catches YAML errors and configuration issues

@@ -70,7 +70,7 @@ re_verification: false
 | SETUP-03 | 01-01 | Specificate risorse minime consigliate (RAM, CPU) | SATISFIED | README.md lines 22-26: RAM 16GB, CPU 4 cores, scripts/check-env.sh reports actual values |
 | SETUP-04 | 01-01 | Fornito script di verifica ambiente (check Docker, check versioni) | SATISFIED | scripts/check-env.sh exists (165 lines), validates Docker version, Compose V2, utilities |
 | SETUP-05 | 01-01 | Fornito comando di reset completo ambiente (cleanup volumi, reti) | SATISFIED | scripts/reset-env.sh exists (232 lines), stops containers, removes networks/volumes with --dry-run |
-| INF-05 | 01-01 | File docker-compose.yml validati con docker-compose config prima dell'uso | SATISFIED | scripts/validate-compose.sh exists (94 lines), uses `docker compose config` for validation |
+| INF-05 | 01-01 | File docker-compose.yml validati con docker compose config prima dell'uso | SATISFIED | scripts/validate-compose.sh exists (94 lines), uses `docker compose config` for validation |

 **All 8 requirement IDs accounted for and satisfied.**

@@ -86,8 +86,8 @@ test_unauthorized_access() {
 ## INF-01 Verification Pattern
 ```bash
 # From RESEARCH.md - Non-root container verification
-for service in $(docker-compose ps --services); do
-    container_name=$(docker-compose ps -q $service)
+for service in $(docker compose ps --services); do
+    container_name=$(docker compose ps -q $service)
    actual_user=$(docker exec $container_name whoami 2>/dev/null)
    if [ "$actual_user" = "root" ]; then
        echo "FAIL: $service running as root"
@@ -444,7 +444,7 @@ test_no_container_runs_as_root() {
    fi

    # Get all services from compose file
-    local services=$(docker-compose -f "$compose_file" ps --services 2>/dev/null || echo "")
+    local services=$(docker compose -f "$compose_file" ps --services 2>/dev/null || echo "")

    if [ -z "$services" ]; then
        echo -e "${YELLOW}SKIP${NC}: No services defined yet"
@@ -455,7 +455,7 @@ test_no_container_runs_as_root() {
    local root_containers=0
    while IFS= read -r service; do
        if [ -n "$service" ]; then
-            local container_name=$(docker-compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
+            local container_name=$(docker compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
            if [ -n "$container_name" ]; then
                local user=$(docker exec "$container_name" whoami 2>/dev/null || echo "unknown")
                if [ "$user" = "root" ]; then
@@ -586,11 +586,11 @@ else
    fi

    # If containers are running, verify they're not root
-    if docker-compose -f "$compose_file" ps --services 2>/dev/null | grep -q .; then
+    if docker compose -f "$compose_file" ps --services 2>/dev/null | grep -q .; then
        local root_count=0
        while IFS= read -r service; do
            [ -z "$service" ] && continue
-            local container=$(docker-compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
+            local container=$(docker compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
            if [ -n "$container" ]; then
                local user=$(docker exec "$container" whoami 2>/dev/null || echo "unknown")
                if [ "$user" = "root" ]; then
@@ -598,7 +598,7 @@ else
                    ((root_count++))
                fi
            fi
-        done <<< "$(docker-compose -f "$compose_file" ps --services 2>/dev/null)"
+        done <<< "$(docker compose -f "$compose_file" ps --services 2>/dev/null)"

        if [ $root_count -eq 0 ]; then
            echo -e "  ${GREEN}✓${NC} All running containers are non-root"
@@ -606,7 +606,7 @@ else
            all_passed=false
        fi
    else
-        echo -e "  ${YELLOW}○${NC} No containers running (start with docker-compose up)"
+        echo -e "  ${YELLOW}○${NC} No containers running (start with docker compose up)"
    fi
 fi
 echo ""
@@ -822,8 +822,8 @@ done

 ```bash
 # Verifica tutti i servizi nel compose file
-docker-compose ps --services | while read service; do
-    container=$(docker-compose ps -q $service)
+docker compose ps --services | while read service; do
+    container=$(docker compose ps -q $service)
    echo "Service: $service, User: $(docker exec $container whoami)"
 done
 ```
@@ -271,7 +271,7 @@ Key implementation points:
 - Container name matches test expectations
 - Healthcheck verifies non-root user
 - Comments explain why no volumes/networks (future labs)
- Follows docker-compose V3.8 syntax
+- Follows docker compose V3.8 syntax
 - No ports exposed (security best practice)

 TDD Context: Tests from Wave 0 check for user directive - this configuration should satisfy those tests.
@@ -282,7 +282,7 @@ INF-01 Compliance:
 - No possibility of root execution
  </action>
  <verify>
-    <automated>cd labs/lab-01-iam && docker-compose config > /dev/null 2>&1 && echo "PASS: docker-compose.yml is valid" || echo "FAIL: docker-compose.yml has errors"</automated>
+    <automated>cd labs/lab-01-iam && docker compose config > /dev/null 2>&1 && echo "PASS: docker-compose.yml is valid" || echo "FAIL: docker-compose.yml has errors"</automated>
  </verify>
  <done>docker-compose.yml defines service with non-root user directive</done>
 </task>
@@ -331,7 +331,7 @@ fail_count=0

 # Test 1: docker-compose.yml is valid
 echo -e "${BLUE}[1/6] Checking docker-compose.yml syntax...${NC}"
-if docker-compose config >/dev/null 2>&1; then
+if docker compose config >/dev/null 2>&1; then
    echo -e "  ${GREEN}✓${NC} docker-compose.yml is valid YAML"
    ((pass_count++))
 else
@@ -402,11 +402,11 @@ else
 fi
 echo ""

-# Test 6: Verify docker-compose service
-echo -e "${BLUE}[6/6] Verifying docker-compose service...${NC}"
+# Test 6: Verify docker compose service
+echo -e "${BLUE}[6/6] Verifying docker compose service...${NC}"
 # Start container in detached mode
-if docker-compose up -d >/dev/null 2>&1; then
-    echo -e "  ${GREEN}✓${NC} docker-compose service started"
+if docker compose up -d >/dev/null 2>&1; then
+    echo -e "  ${GREEN}✓${NC} docker compose service started"

    # Wait for container to be ready
    sleep 3
@@ -418,10 +418,10 @@ if docker-compose up -d >/dev/null 2>&1; then
        # Verify user
        actual_user=$(docker exec lab01-iam-test whoami 2>/dev/null || echo "unknown")
        if [ "$actual_user" = "labuser" ]; then
-            echo -e "  ${GREEN}✓${NC} docker-compose container runs as non-root"
+            echo -e "  ${GREEN}✓${NC} docker compose container runs as non-root"
            ((pass_count++))
        else
-            echo -e "  ${RED}✗${NC} docker-compose container running as $actual_user (expected labuser)"
+            echo -e "  ${RED}✗${NC} docker compose container running as $actual_user (expected labuser)"
            ((fail_count++))
        fi
    else
@@ -430,9 +430,9 @@ if docker-compose up -d >/dev/null 2>&1; then
    fi

    # Cleanup
-    docker-compose down --volumes >/dev/null 2>&1
+    docker compose down --volumes >/dev/null 2>&1
 else
-    echo -e "  ${RED}✗${NC} Failed to start docker-compose service"
+    echo -e "  ${RED}✗${NC} Failed to start docker compose service"
    ((fail_count++))
 fi
 echo ""
@@ -466,7 +466,7 @@ Key implementation points:
 - Verifies USER directive in Dockerfile
 - Verifies user directive in docker-compose.yml
 - Builds and tests Docker image
- Starts container with docker-compose and verifies execution
+- Starts container with docker compose and verifies execution
 - Proper cleanup after testing
 - Clear pass/fail indicators

@@ -483,7 +483,7 @@ TDD Context: This script confirms the GREEN phase - infrastructure implementatio
 <verification>
 1. Dockerfile creates non-root user with USER directive
 2. docker-compose.yml specifies user directive for service
-3. docker-compose config validates without errors
+3. docker compose config validates without errors
 4. Docker build succeeds without warnings
 5. Container execution verified as non-root (whoami, docker inspect, docker top)
 6. All Wave 0 tests now pass (GREEN phase of TDD)
@@ -117,7 +117,7 @@ Created a 163-line bash script that validates all infrastructure requirements:
 - **Test 3:** Verifies docker-compose.yml has non-root user directive
 - **Test 4:** Builds Docker image successfully
 - **Test 5:** Verifies container runs as non-root (whoami check)
- **Test 6:** Starts docker-compose service and verifies execution
+- **Test 6:** Starts docker compose service and verifies execution

 **Result:** 6/6 tests passed - GREEN phase complete.

@@ -175,7 +175,7 @@ All 6 infrastructure tests passed:
 [3/6] docker-compose.yml user directive (1000:1000)  PASS
 [4/6] Docker image builds successfully               PASS
 [5/6] Container runs as non-root (labuser)           PASS
-[6/6] docker-compose service verification            PASS
+[6/6] docker compose service verification            PASS
 ```

 ## Requirements Satisfied
@@ -165,7 +165,7 @@ services:

 ### Pitfall 3: Insufficient Verification of Non-Root Execution
 **What goes wrong:** Container configured with `USER` directive but still running as root
-**Why it happens:** Dockerfile USER directive not applied, or docker-compose `user` override missing, or container switches back to root
+**Why it happens:** Dockerfile USER directive not applied, or docker compose `user` override missing, or container switches back to root
 **How to avoid:** Always verify with `docker exec <container> whoami` AND `docker inspect <container> | grep User`
 **Warning signs:** Container process shows as root in `docker top` or `docker inspect`

@@ -204,7 +204,7 @@ docker exec <container_name> whoami

 # Method 2: Inspect container configuration
 docker inspect <container_name> --format='{{.State.User}}'
-# Note: May show empty if using docker-compose user directive
+# Note: May show empty if using docker compose user directive

 # Method 3: Check process on host
 docker top <container_name>
@@ -389,8 +389,8 @@ echo "All tests passed!" || echo "Some tests failed"
 **Automated Verification:**
 ```bash
 # Test runs for every container defined in docker-compose.yml
-for service in $(docker-compose ps --services); do
-    container_name=$(docker-compose ps -q $service)
+for service in $(docker compose ps --services); do
+    container_name=$(docker compose ps -q $service)
    actual_user=$(docker exec $container_name whoami 2>/dev/null)
    if [ "$actual_user" = "root" ]; then
        echo "FAIL: $service running as root"
@@ -402,7 +402,7 @@ echo "PASS: All containers running as non-root"

 **Manual Verification:**
 1. Check docker-compose.yml for `user:` directive on all services
-2. Run `docker-compose ps` to get container names
+2. Run `docker compose ps` to get container names
 3. Run `docker top <container>` and verify USER column != root
 4. Run `docker inspect <container>` and verify Config.User is set

@@ -187,7 +187,7 @@ Phase 2 patterns to follow:
    1. Verify docker-compose.yml exists
    2. Verify no port bindings use 0.0.0.0 (violates INF-02)
    3. Verify private services use 127.0.0.1 binding (localhost only)
-    4. Verify docker-compose config is valid YAML
+    4. Verify docker compose config is valid YAML
    5. Verify no published ports for private-only services

    Requirements:
@@ -201,7 +201,7 @@ Phase 2 patterns to follow:
    - Check file exists: `[ -f labs/lab-02-network/docker-compose.yml ]`
    - Find port mappings: `grep -E "^\s*-\s*[0-9]+:" docker-compose.yml` or `grep -A 20 "ports:"`
    - Check for violations: `grep -E '0\.0\.0\.0:[0-9]+' docker-compose.yml` (should NOT find)
-    - Validate YAML: `docker-compose -f docker-compose.yml config` (if file exists)
+    - Validate YAML: `docker compose -f docker-compose.yml config` (if file exists)

    Expected: 5 tests total (file exists, no 0.0.0.0 bindings, 127.0.0.1 bindings used, YAML valid, private services no ports)
  </action>
@@ -193,9 +193,9 @@ From 03-RESEARCH.md, use consistent naming:
    4. **Step 2: Define Networks in Compose**: Custom networks with subnets (10.0.1.0/24, 10.0.2.0/24)
    5. **Step 3: Define Services**: Web server in public network, database in private network
    6. **Step 4: Port Publishing**: INF-02 compliance (127.0.0.1 binding only)
-    7. **Verification Step 1**: `docker-compose config`
-    8. **Step 5: Start Services**: `docker-compose up -d`
-    9. **Verification Step 2**: `docker-compose ps`, `docker network inspect`
+    7. **Verification Step 1**: `docker compose config`
+    8. **Step 5: Start Services**: `docker compose up -d`
+    9. **Verification Step 2**: `docker compose ps`, `docker network inspect`
    10. **Step 6: Verify Service Placement**: Which network each service is in
    11. **Troubleshooting**: Port conflicts, network not found
    12. **Summary**: Multi-tier architecture deployed
@@ -336,7 +336,7 @@ From 03-RESEARCH.md, use consistent naming:
    **Guide 4: cleanup-networks.md**
    - Goal: Remove networks and fix common cleanup issues
    - Steps: Remove networks, remove containers, fix "network has active endpoints"
-    - Commands: docker network rm, docker-compose down -v
+    - Commands: docker network rm, docker compose down -v
    - Troubleshooting: Networks that won't delete, orphaned networks
    - ~60 lines

@@ -21,7 +21,7 @@ must_haves:
    - "Private networks use --internal flag and no published ports"
    - "Public services bind to 127.0.0.1 only (INF-02 compliant)"
    - "Infrastructure verification tests pass (GREEN phase)"
-    - "All services start successfully with docker-compose up"
+    - "All services start successfully with docker compose up"
  artifacts:
    - path: "labs/lab-02-network/docker-compose.yml"
      provides: "VPC network definition with subnets"
@@ -47,7 +47,7 @@ must_haves:
 <objective>
 Create Docker infrastructure (docker-compose.yml and Dockerfile) implementing VPC simulation with isolated bridge networks. Following TDD methodology, this is the GREEN phase - tests already exist from Plan 03-01, and infrastructure should make those tests pass. Infrastructure must enforce INF-02 compliance (private networks don't expose ports on 0.0.0.0).

-Purpose: Implement network infrastructure that simulates AWS VPC with public and private subnets. Students learn by running docker-compose and observing isolated networks in action.
+Purpose: Implement network infrastructure that simulates AWS VPC with public and private subnets. Students learn by running docker compose and observing isolated networks in action.

 Output: Working docker-compose.yml with VPC networks, test container image, and infrastructure verification script that validates all requirements.
 </objective>
@@ -262,7 +262,7 @@ From REQUIREMENTS.md:
    Expected: ~100 lines with complete VPC simulation
  </action>
  <verify>
-    <automated>cd labs/lab-02-network && docker-compose config && docker-compose up -d && docker-compose ps</automated>
+    <automated>cd labs/lab-02-network && docker compose config && docker compose up -d && docker compose ps</automated>
  </verify>
  <done>docker-compose.yml defines VPC networks with correct subnets. Services deployed in appropriate tiers. INF-02 compliant (127.0.0.1 bindings only).</done>
 </task>
@@ -374,7 +374,7 @@ From REQUIREMENTS.md:
    Expected: ~45 lines with non-root user and networking tools
  </action>
  <verify>
-    <automated>cd labs/lab-02-network && docker-compose build api && docker images | grep lab02-api</automated>
+    <automated>cd labs/lab-02-network && docker compose build api && docker images | grep lab02-api</automated>
  </verify>
  <done>Dockerfile builds successfully. Creates non-root container with networking tools. Healthcheck tests connectivity to private network.</done>
 </task>
@@ -391,7 +391,7 @@ From REQUIREMENTS.md:
    3. Verify subnet configurations (10.0.1.0/24, 10.0.2.0/24)
    4. Verify INF-02 compliance (no 0.0.0.0 bindings)
    5. Verify private network has internal: true flag
-    6. Verify docker-compose build succeeds
+    6. Verify docker compose build succeeds
    7. Verify services start successfully
    8. Verify network isolation (web cannot ping db)
    9. Verify same-network communication (api can reach db)
@@ -399,7 +399,7 @@ From REQUIREMENTS.md:

    Requirements:
    - Follow Phase 2 test patterns (color output, helper functions)
-    - Use docker-compose config to validate YAML
+    - Use docker compose config to validate YAML
    - Use docker network inspect to verify network config
    - Use docker exec for connectivity tests
    - Use grep for INF-02 validation
@@ -442,7 +442,7 @@ From REQUIREMENTS.md:

    # Test 1: docker-compose.yml is valid
    echo -e "[1/10] Testing docker-compose.yml syntax..."
-    if docker-compose config > /dev/null 2>&1; then
+    if docker compose config > /dev/null 2>&1; then
        echo -e "${GREEN}PASS${NC}: docker-compose.yml is valid"
        inc_pass
    else
@@ -452,8 +452,8 @@ From REQUIREMENTS.md:

    # Test 2: Networks defined
    echo -e "[2/10] Testing network definitions..."
-    if docker-compose config | grep -q "vpc-public:" && \
-       docker-compose config | grep -q "vpc-private:"; then
+    if docker compose config | grep -q "vpc-public:" && \
+       docker compose config | grep -q "vpc-private:"; then
        echo -e "${GREEN}PASS${NC}: vpc-public and vpc-private networks defined"
        inc_pass
    else
@@ -463,8 +463,8 @@ From REQUIREMENTS.md:

    # Test 3: Subnet configurations
    echo -e "[3/10] Testing subnet configurations..."
-    if docker-compose config | grep -q "10.0.1.0/24" && \
-       docker-compose config | grep -q "10.0.2.0/24"; then
+    if docker compose config | grep -q "10.0.1.0/24" && \
+       docker compose config | grep -q "10.0.2.0/24"; then
        echo -e "${GREEN}PASS${NC}: Subnets 10.0.1.0/24 and 10.0.2.0/24 configured"
        inc_pass
    else
@@ -474,7 +474,7 @@ From REQUIREMENTS.md:

    # Test 4: INF-02 compliance
    echo -e "[4/10] Testing INF-02 compliance (no 0.0.0.0 bindings)..."
-    if docker-compose config | grep -qE '0\.0\.0\.0:[0-9]+'; then
+    if docker compose config | grep -qE '0\.0\.0\.0:[0-9]+'; then
        echo -e "${RED}FAIL${NC}: Found 0.0.0.0 port bindings (INF-02 violation)"
        inc_fail
    else
@@ -484,7 +484,7 @@ From REQUIREMENTS.md:

    # Test 5: Private network internal flag
    echo -e "[5/10] Testing private network isolation..."
-    if docker-compose config | grep -A 3 "vpc-private:" | grep -q "internal: true"; then
+    if docker compose config | grep -A 3 "vpc-private:" | grep -q "internal: true"; then
        echo -e "${GREEN}PASS${NC}: vpc-private has internal: true flag"
        inc_pass
    else
@@ -493,8 +493,8 @@ From REQUIREMENTS.md:
    fi

    # Test 6: Build succeeds
-    echo -e "[6/10] Testing docker-compose build..."
-    if docker-compose build -q api > /dev/null 2>&1; then
+    echo -e "[6/10] Testing docker compose build..."
+    if docker compose build -q api > /dev/null 2>&1; then
        echo -e "${GREEN}PASS${NC}: Docker image builds successfully"
        inc_pass
    else
@@ -504,10 +504,10 @@ From REQUIREMENTS.md:

    # Test 7-10: Runtime tests (if services running)
    # Check if services are running
-    if docker-compose ps | grep -q "Up"; then
+    if docker compose ps | grep -q "Up"; then
        # Test 7: Services running
        echo -e "[7/10] Testing service status..."
-        running_count=$(docker-compose ps | grep -c "Up" || true)
+        running_count=$(docker compose ps | grep -c "Up" || true)
        if [ "$running_count" -ge 2 ]; then
            echo -e "${GREEN}PASS${NC}: Services are running ($running_count services)"
            inc_pass
@@ -590,19 +590,19 @@ After all tasks complete, verify:
   - tests/04-verify-infrastructure.sh exists

 2. **Compose Configuration**:
-   - `docker-compose config` succeeds (valid YAML)
+   - `docker compose config` succeeds (valid YAML)
   - Two networks defined: vpc-public, vpc-private
   - Correct subnets: 10.0.1.0/24, 10.0.2.0/24
   - Three services: web, api, db

 3. **INF-02 Compliance**:
-   - No 0.0.0.0 bindings in docker-compose config
+   - No 0.0.0.0 bindings in docker compose config
   - Public services use 127.0.0.1:PORT:PORT format
   - Private services have no published ports
   - vpc-private has internal: true flag

 4. **Services Start Successfully**:
-   - `docker-compose up -d` succeeds
+   - `docker compose up -d` succeeds
   - All containers show "Up" status
   - Containers have correct network attachments

@@ -619,19 +619,19 @@ After all tasks complete, verify:

 ```bash
 # Verify compose configuration
-cd labs/lab-02-network && docker-compose config
+cd labs/lab-02-network && docker compose config

 # Check for INF-02 violations (should return nothing)
-cd labs/lab-02-network && docker-compose config | grep "0.0.0.0"
+cd labs/lab-02-network && docker compose config | grep "0.0.0.0"

 # Build services
-cd labs/lab-02-network && docker-compose build
+cd labs/lab-02-network && docker compose build

 # Start services
-cd labs/lab-02-network && docker-compose up -d
+cd labs/lab-02-network && docker compose up -d

 # Check service status
-cd labs/lab-02-network && docker-compose ps
+cd labs/lab-02-network && docker compose ps

 # Verify networks created
 docker network ls | grep lab02
@@ -643,7 +643,7 @@ bash labs/lab-02-network/tests/04-verify-infrastructure.sh
 bash labs/lab-02-network/tests/run-all-tests.sh

 # Cleanup
-cd labs/lab-02-network && docker-compose down -v
+cd labs/lab-02-network && docker compose down -v
 ```

 ## Success Criteria
@@ -652,7 +652,7 @@ cd labs/lab-02-network && docker-compose down -v
 - [ ] Two networks defined: vpc-public (10.0.1.0/24), vpc-private (10.0.2.0/24)
 - [ ] vpc-private has internal: true flag
 - [ ] No 0.0.0.0 port bindings (INF-02 compliant)
- [ ] Services start successfully with docker-compose up
+- [ ] Services start successfully with docker compose up
 - [ ] Network isolation verified (public cannot reach private)
 - [ ] Infrastructure verification script passes all tests
 - [ ] All tests from Plan 03-01 now pass (GREEN phase complete)
@@ -246,7 +246,7 @@ networks:
 ### Pitfall 5: Network Cleanup Between Tests
 **What goes wrong:** Previous test networks interfere with new tests
 **Why it happens:** Networks not removed between test runs, container references stale
-**How to avoid:** Always run `docker-compose down -v` to remove networks, include cleanup in tests
+**How to avoid:** Always run `docker compose down -v` to remove networks, include cleanup in tests
 **Warning signs:** "Network already exists" errors, IP conflicts in subnet allocation

 ## Code Examples
@@ -373,8 +373,8 @@ else
    echo "WARNING: No port bindings found or all public"
 fi

-# Verify with docker-compose config
-docker-compose -f "$compose_file" config 2>/dev/null || true
+# Verify with docker compose config
+docker compose -f "$compose_file" config 2>/dev/null || true

 echo "INF-02 verification complete"
 ```
@@ -41,7 +41,7 @@ created: 2026-03-25
 | 03-01-01 | 01 | 1 | LAB-02, TEST-01 | unit | `bash labs/lab-02-network/tests/test-network-isolation.sh` | ❌ W0 | ⬜ pending |
 | 03-01-02 | 01 | 1 | INF-02 | integration | `bash labs/lab-02-network/tests/test-private-network-no-expose.sh` | ❌ W0 | ⬜ pending |
 | 03-02-01 | 02 | 1 | DOCT-01, DOCT-02 | documentation | File existence check | ❌ W0 | ⬜ pending |
-| 03-03-01 | 03 | 2 | LAB-02, INF-02 | infrastructure | `docker-compose config` + container ping test | ❌ W0 | ⬜ pending |
+| 03-03-01 | 03 | 2 | LAB-02, INF-02 | infrastructure | `docker compose config` + container ping test | ❌ W0 | ⬜ pending |

 *Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*

@@ -91,5 +91,5 @@ created: 2026-03-25

 ### INF-02 Compliance Verification
 - Private networks must NOT expose ports on 0.0.0.0
- Test verifies `docker-compose config` output for `127.0.0.1:PORT:PORT` pattern
+- Test verifies `docker compose config` output for `127.0.0.1:PORT:PORT` pattern
 - Manual verification: `netstat -tlnp | grep docker` shows no 0.0.0.0 bindings for private services
@@ -77,7 +77,7 @@ Containers or the entire Docker daemon are killed by the kernel's OOM (Out Of Me
 - Memory leaks in student code go unchecked

 **How to avoid:**
- Always set `mem_limit` in docker-compose for each service
+- Always set `mem_limit` in docker compose for each service
 - Use `deploy.resources.limits.memory` in compose file format v3+
 - Monitor with `docker stats`
 - Teach students to check container resource usage
@@ -107,7 +107,7 @@ Containers run as root by default, creating security vulnerabilities and permiss
 - Volume permission errors seem "easier" to fix with root

 **How to avoid:**
- Always specify `user:` directive in docker-compose or Dockerfile
+- Always specify `user:` directive in docker compose or Dockerfile
 - Create non-root users in Dockerfiles
 - Teach Linux permission basics alongside Docker
 - Use Docker's user namespaces for advanced labs
@@ -48,7 +48,7 @@

 | Tool | Purpose | Notes |
 |------|---------|-------|
-| docker-compose config | Validazione YAML | Esegue check sintassi espandendo variabili |
+| docker compose config | Validazione YAML | Esegue check sintassi espandendo variabili |
 | docker network inspect | Debug reti | Mostra container connessi, IP allocation |
 | docker stats | Monitor risorse | Verifica limiti CPU/memoria in tempo reale |
 | iptables -L -n -v | Debug firewall | Mostra regole NAT/forward attive |
@@ -92,7 +92,7 @@ Critical risks include data loss from improper volume configuration, OOM killer

 3. **OOM killer (resource exhaustion)** — Always set `mem_limit` and CPU limits in docker-compose; monitor with `docker stats`; recommend 16GB RAM minimum for host

-4. **Running as root** — Always specify `user:` directive in docker-compose or Dockerfile; teach Linux permission basics alongside Docker; never use `--privileged` flag
+4. **Running as root** — Always specify `user:` directive in docker compose or Dockerfile; teach Linux permission basics alongside Docker; never use `--privileged` flag

 5. **Port conflicts and binding issues** — Use non-standard ports in examples (5433 instead of 5432); teach students to check port usage; document all port mappings; provide conflict detection scripts