v0.3.1

This release improves Poetry installation in the Docker image and clarifies how to run Codex inside the container when its internal sandbox is too restrictive.

Highlights

• Switched Poetry installation from the bootstrap script to pipx.
• Bumped Poetry to 2.3.4 across Docker/Compose env defaults.
• Clarified codex -s danger-full-access usage for Docker-based workflows.
• Expanded security notes to explain what danger-full-access changes and what it does not.

Changed

• Poetry is now installed via pipx in the Docker image instead of the remote install script.
• Default POETRY_VERSION was updated from 2.3.2 to 2.3.4 in:
  • Dockerfile
  • compose.yaml
  • .env.dist
• Removed obsolete POETRY_HOME usage after switching away from the install script.

Documentation

• Added a practical codex example for rerunning inside the container with:
  • docker compose run --rm codex -s danger-full-access
• Clarified that this disables Codex's internal sandbox without changing Docker seccomp or adding container capabilities.
• Expanded security notes to explain what access Codex retains in this mode.

Notes

• No intended breaking changes for standard template usage.
• This release mainly improves container setup clarity and reduces ambiguity around Codex sandbox behavior in Docker.

Full Changelog: v0.3.0...v0.3.1

v0.3.0

This release turns the repo into a stronger Docker-first Python template with testing examples, CI checks, and optional browser-based VS Code workflow.

Highlights

• Added a full code-server workflow (VS Code in browser) as an alternative to Vim.
• Added example pytest tests and integrated test/lint checks into template guidance.
• Added/expanded GitHub Actions CI to build images and run tool smoke checks.
• Refined README with clearer positioning, onboarding guidance, and concrete project examples.

Added

• code-server Docker stage in Dockerfile with Python-focused extensions:
  • ms-python.python
  • ms-pyright.pyright
  • charliermarsh.ruff
  • ms-toolsai.jupyter
• code-server service in compose.yaml with env-driven config:
  • CODE_SERVER_HOST
  • CODE_SERVER_PORT
  • CODE_SERVER_AUTH
  • CODE_SERVER_PASSWORD
  • CODE_SERVER_EXTENSIONS
• VS Code dist configs:
  • .vscode/settings.json.dist
  • .vscode/extensions.json.dist
• Example tests:
  • tests/sample/test_main.py
• App smoke test in CI (docker compose run --rm -T app).

Changed

• Entry-point behavior for app CLI is now exit-code-safe via sample.main:main.
• Ruff now includes tests (tests/**/*.py) with test-appropriate per-file ignores.
• CI now builds/checks:
  • dev, app, vim-ide, codex, gemini, jupyterlab, code-server
  • binary availability checks for key tools
  • ruff check, ruff format --check, pytest
• Code-server install hardened for CI/build reliability:
  • standalone install method
  • retry logic
  • explicit binary path usage

Documentation

• README now emphasizes Docker-only host dependency and dual editor paths (vim-ide or code-server).
• Added “Who Is This For?” section.
• Added two project examples:
  • Data Science / ML structure/workflow
  • Backend API / service structure/workflow
• Expanded security notes to include CODE_SERVER_PASSWORD.

Notes

• No known breaking changes for standard template usage.
• For code-server users, copy dist configs to local files:
  • .vscode/settings.json.dist -> .vscode/settings.json
  • .vscode/extensions.json.dist -> .vscode/extensions.json

Full Changelog: v0.2.0...v0.3.0

v0.2.0

What's Changed

Highlights

• Added a dedicated dev service in compose.yaml for checks and experiments.
• Standardized Docker defaults to developer / /home/developer across stages.
• Improved Arch build stability (DisableSandbox in pacman options, safer mirrorlist handling).
• Updated Poetry default from 2.2.1 to 2.3.2.
• Increased pip timeout default from 100 to 300.

Container and Compose

• Added reusable Compose anchors for app bind mount and shared memory.
• Added dev service (dev-build target).
• Updated codex-web-login entrypoint to list form.
• Fixed Jupyter argument formatting (--ip=0.0.0.0).
• Removed Codex/Gemini API key/env wiring from vim-ide; use dedicated codex and gemini services.

Config and Security

• .env.dist now uses safer defaults for secrets (empty API keys, stronger Jupyter token guidance).
• Added explicit warning not to share .env secrets in logs/issues.
• Added vim-spell-en and vim-spell-ru via packages instead of manual dictionary downloads.

Documentation

• Expanded prerequisites and compatibility notes.
• Added quickstart setup for .vimrc and .coc-settings.json.
• Added new dev workflow section.
• Clarified rebuild guidance after dependency changes.
• Clarified Codex/Gemini login and usage flow.
• Added guidance for secret-safe config sharing: docker compose config --no-interpolate.

Potentially Breaking / Behavioral Changes

• Default container identity changed from devuser//home/devuser to developer//home/developer.
• vim-ide no longer includes Codex/Gemini auth mounts or API key env vars.

Commits

• b87a0bd chore(template): align Docker/Compose defaults and improve docs safety
• c9cb40d Update poetry
• 90b0e7d Stabilize arch build and refresh docs

Full Changelog: v0.1.2...v0.2.0

v0.1.2

Improved:

• Switched Docker stages to use numeric UID/GID (USER 1000:1000) and consistent defaults, improving cache reuse and avoiding user lookup issues in Kaniko.
• Added HOME env for predictable user context during cached layers.
• Tightened sudoers cleanup to avoid accidental line matches.

Full Changelog: v0.1.1...v0.1.2

v0.1.1

Improved:

• Improved Arch Linux mirrorlist retrieval with retries and HTTPS filtering.
• Added a safe fallback to keep the existing mirrorlist if the refresh fails.

Full Changelog: v0.1.0...v0.1.1

v0.1.0

Highlights

• Integrated AI CLI agents: optional codex and gemini services runnable inside the same Docker dev environment (including Vim :terminal workflow).
• Reproducible Python dev template: Docker + Poetry + configurable OS-level deps, consistent across machines.

Added

• Docker Compose services for common workflows: vim-ide, poetry, app, jupyterlab, codex, gemini, and codex-web-login.
• Persistent auth volumes for AI tools: codex-auth and gemini-auth to avoid re-login between runs.
• Configurable environment via .env (PYTHON_VERSION, POETRY_VERSION, VIM_PACKAGES, platform settings, tokens).

Improved

• Modern Vim IDE setup (plugins + CoC/LSP configuration) designed for Python development inside the container.
• Clearer onboarding docs and quickstart flow.

Notes

• codex-web-login uses network_mode: host (Linux-friendly; Docker Desktop may require an alternative auth approach).
• app is a packaged image (rebuild required to pick up code changes), while dev services bind-mount the repo for live editing.