The Compose v2 canonical filename (compose.yml) is recognized by both
docker compose and podman compose without preference. The previous
docker-compose.yml worked but signalled a Docker-first stance, while
the target deployment is Podman 5.8+ rootless.
- Rename backend/docker-compose.yml -> backend/compose.yml.
- backend/README.md `make db-up` comment uses $(CONTAINER) to mirror
the Makefile auto-detect (lines 14-16: docker || podman).
- backend/README.md audit-writer bootstrap snippet hints at podman
fallback explicitly with `command -v` runtime sniff.
- backend/compose.yml comment for audit-writer mentions both runtimes.
No functional change. Makefile $(COMPOSE) target unchanged: Compose v2
discovers compose.yml first in its search order.

Code-review MAJOR MA1. The previous `scripts/postgres-init/00-roles.sql`
hardcoded a `CHANGE_ME` password for `mimic_audit_writer` and was bind-mounted
into the dev Postgres container; on prod boxes this risks lingering as the
real credential.
- The init script was removed in the previous commit alongside the dropped
scripts dir.
- `docker-compose.yml` no longer mounts a `docker-entrypoint-initdb.d`
directory; the audit-writer role provisioning is the Ansible playbook's
responsibility (D-010).
- `backend/README.md` documents the manual one-shot `CREATE ROLE` command
for local dev with a placeholder password.
Net effect: no `CHANGE_ME` credential reaches a container image / git history.
The Alembic migration's `audit_log` grant block stays idempotent — it is a
no-op when the role is absent.
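
The local-dev bootstrap these commit messages describe (runtime sniff with `command -v`, one-shot `CREATE ROLE`), sketched as an added example; it is not the project's README snippet and not part of any commit. The compose service name `db`, the `postgres` superuser, the `LOGIN` attribute and the `AUDIT_WRITER_PASSWORD` variable are assumptions; only the role name and the `CHANGE_ME` placeholder come from the messages.

```shell
#!/bin/sh
# Added example. Assumed names: service "db", superuser "postgres",
# LOGIN attribute, env var AUDIT_WRITER_PASSWORD.

# Same order as the Makefile auto-detect: docker first, then podman.
detect_runtime() {
    if command -v docker >/dev/null 2>&1; then
        echo docker
    elif command -v podman >/dev/null 2>&1; then
        echo podman
    else
        echo "no container runtime found" >&2
        return 1
    fi
}

# Refuse an empty value or the placeholder left unchanged.
password_ok() {
    case "$1" in
        ""|CHANGE_ME) return 1 ;;
        *) return 0 ;;
    esac
}

# psql quotes :'pw' as a literal, format(%L) quotes it again for the
# generated statement, and \gexec runs each returned row. When the role
# already exists the SELECT returns no rows, so nothing is executed.
role_sql() {
    cat <<'SQL'
SELECT format('CREATE ROLE mimic_audit_writer LOGIN PASSWORD %L', :'pw')
WHERE NOT EXISTS (
    SELECT 1 FROM pg_roles WHERE rolname = 'mimic_audit_writer'
)
\gexec
SQL
}

# Run from the directory that holds compose.yml.
bootstrap_audit_writer() {
    rt=$(detect_runtime) || return 1
    if ! password_ok "${AUDIT_WRITER_PASSWORD:-}"; then
        echo "set AUDIT_WRITER_PASSWORD to a real value first" >&2
        return 1
    fi
    # -v puts the value on psql's command line: acceptable for a
    # throwaway local-dev password, not for a production credential.
    role_sql | "$rt" compose exec -T db \
        psql -U postgres -v ON_ERROR_STOP=1 -v pw="$AUDIT_WRITER_PASSWORD"
}
```

Calling `bootstrap_audit_writer` twice is safe: the second run finds the role in `pg_roles` and creates nothing.
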
- pyproject.toml with ruff + mypy strict + pytest + coverage >=70%
- Makefile with Docker/Podman auto-detect
- Multi-stage Dockerfile (python:3.12-slim-bookworm, non-root user)
- docker-compose.yml for Postgres dev DB
- alembic.ini wired to src/mimic/db/migrations
- scripts/postgres-init/00-roles.sql seeds the audit writer role
- .env.example documents every MIMIC_* var (no secrets committed)