Produces a python:3.12-slim-bookworm image that runs migrations (with
the pre-upgrade backup hook) then uvicorn under uid/gid 1000:1000, as
required by the /mnt/quartermaster/ bind mount on the deploy host.
HEALTHCHECK hits /healthz; uvicorn is pointed at logconfig.json so
access logs land on stdout as JSON.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
CLAUDE.md states the durable rule: run scripts/backup-db.sh before
any schema change, data migration, or destructive DB operation. The
rule deliberately excludes routine app writes. README summarises
backup location, override env var, and restore procedure.
Refs #5
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
