- add --prune mode with graceful state awareness to protect excluded projects during global prune
- scaffold Dev-Control GitHub App; feat(fix-history): --drop accepts multiple commits
- add --combine to fuse two adjacent commits with preserved dates and signing
- add deduplication by squash
- expand BATS coverage with git utilities, plugin discovery and JSON validation
- correct ONNX Runtime download URL
- pass --pull=true to podman build to match VS Code defaults and avoid cache miss
- skip per-build wrapper prune when NESTED to prevent devcontainer cache miss
- regenerate root scaffold via dev-tools img on --nest . so postCreate runs
- --exclude matches bare folder names and no longer strips entries from nest.json
- prune wrappers once preliminarily for nest, skip per-build prune when NESTED
- drop --force from per-build wrapper prune so Podman skips in-use containers
- add git config to barebones (e.g. root) container
- auto-yes flag, dotted-label inspect, and exclude across all removal paths
- complete dc.bats suite and migrate residual gc_* identifiers
- scope per-project volumes by project slug
- Merge pull request #99 from XAOSTECH/copilot/fix-container-startup-issues
- docs(changelog): record containerise cache fixes and new prune mode
- chore: update git tree visualisation
- chore(logs): actualise NTFS-compatibility log
- chore: update CHANGELOG for v0.5.10
- refactor(lib/git): dual-mode source/execute bootstrap
- chore(contain-streaming): patch libpcre3-dev to libpcre2-dev
- docs(log): index NTFS-related issues + refine 1.13-dev framing
- docs(log): introduce log/ with fuse-overlayfs/NTFS compatibility notes
dc-contain --prunemode with graceful state awareness to prune containers/images while protecting excluded projects by temporarily starting them.
dc-contain: Fix 1/33 devcontainer cache miss by passing--pull=trueto podman build, matching VS Code DevContainers default behaviour.dc-contain: Fix cache invalidation by skipping per-build wrapper prune whenNESTED=trueduring--nest.
All notable changes to Dev-Control will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- expand BATS coverage with git utilities, plugin discovery and JSON validation
- complete dc.bats suite and migrate residual gc_* identifiers
- scope per-project volumes by project slug
- refactor(lib/git): dual-mode source/execute bootstrap
- chore(contain-streaming): patch libpcre3-dev to libpcre2-dev
- docs(log): index NTFS-related issues + refine 1.13-dev framing
- docs(log): introduce log/ with fuse-overlayfs/NTFS compatibility notes
- bind ephemeral GPG key to fixtures so signing is testable
- add deterministic test-repo recycler
- add --blossom for surgical non-tip commit amend
- use docker CLI + podman socket to repair fuse-overlayfs damage
- root ENTRYPOINT to repair fuse-overlayfs/NTFS damage
- add named volumes for .gnupg/.ssh/.cache/.devcontainer to unblock postCreate
- remove chown from footer.Dockerfile to preserve rootless podman ownership
- add mode=1777 to tmpfs mount to override tmpcopyup
- mount tmpfs on /tmp and chown home dir in postCreate
- mount .vscode-server as named volume to bypass fuse-overlayfs NTFS xattr failure
- revert chown 1000:1000 back to ${CATEGORY}:${CATEGORY} in footer.Dockerfile
- chmod 777 .vscode-server to survive userns=keep-id build/run namespace mismatch
- revert conda env to python=3.12; pybedtools/HTSeq have no 3.14 builds in conda-forge/bioconda
- cd / before rm -rf of build dirs to prevent getcwd() hang
- use 1000:1000 for chown and move bashrc writes to root in footer.Dockerfile
- create .hushlogin/.bashrc as root before USER switch in footer.Dockerfile
- perf: remove ARG BUILD_DATE cache-buster to allow step 20 to be cached
- chore: update CHANGELOG for v0.5.9 (re-release)
- chore: update conda to latest after Miniforge install in data-science build
- chore: replace pinned versions with dynamic latest fetches
- chore: update CHANGELOG for v0.5.9 (re-release)
- chore: update CHANGELOG for v0.5.9
- refactor(dc-fix): split fix-history.sh into 5 focused lib modules
- refactor(dc-fix): extract blossom mode into lib/git/blossom.sh
- chore: update git tree visualisation
- bind ephemeral GPG key to fixtures so signing is testable
- add deterministic test-repo recycler
- add --blossom for surgical non-tip commit amend
- add mode=1777 to tmpfs mount to override tmpcopyup
- mount tmpfs on /tmp and chown home dir in postCreate
- mount .vscode-server as named volume to bypass fuse-overlayfs NTFS xattr failure
- revert chown 1000:1000 back to ${CATEGORY}:${CATEGORY} in footer.Dockerfile
- chmod 777 .vscode-server to survive userns=keep-id build/run namespace mismatch
- revert conda env to python=3.12; pybedtools/HTSeq have no 3.14 builds in conda-forge/bioconda
- cd / before rm -rf of build dirs to prevent getcwd() hang
- use 1000:1000 for chown and move bashrc writes to root in footer.Dockerfile
- create .hushlogin/.bashrc as root before USER switch in footer.Dockerfile
- chore: update conda to latest after Miniforge install in data-science build
- chore: replace pinned versions with dynamic latest fetches
- chore: update CHANGELOG for v0.5.9 (re-release)
- chore: update CHANGELOG for v0.5.9
- refactor(dc-fix): split fix-history.sh into 5 focused lib modules
- refactor(dc-fix): extract blossom mode into lib/git/blossom.sh
- chore: update git tree visualisation
- bind ephemeral GPG key to fixtures so signing is testable
- add deterministic test-repo recycler
- add --blossom for surgical non-tip commit amend
- use 1000:1000 for chown and move bashrc writes to root in footer.Dockerfile
- create .hushlogin/.bashrc as root before USER switch in footer.Dockerfile
- chore: update CHANGELOG for v0.5.9
- refactor(dc-fix): split fix-history.sh into 5 focused lib modules
- refactor(dc-fix): extract blossom mode into lib/git/blossom.sh
- chore: update git tree visualisation
- add --blossom for surgical non-tip commit amend
- refactor(dc-fix): split fix-history.sh into 5 focused lib modules
- refactor(dc-fix): extract blossom mode into lib/git/blossom.sh
- chore: update git tree visualisation
- add --push flag with reusable commit/push function
- add consolidate option to absorb newer releases into an older version
- very strict cache buster; BUILD_DATE now includes %m
- add optional Authenticode code signing via SignPath.io
- amend existing dc-init commits instead of stacking duplicates
- auto-detect and trigger build-*.yml workflows
- enforce default branch name 'main'
- harden batch mode with filtering and smart defaults
- add --exclude flag to batch/nest modes
- normalise v0.0.x → v0.1.0 with opt-out checkbox
- resolve CodeQL envvar-injection and code-injection alerts
- sanitize early-exit tarball_count GITHUB_ENV write
- sanitize GITHUB_ENV writes against newline injection
- remove erroneous backslash escaping in MCP config heredoc
- resolve CodeQL envvar-injection and missing-permissions alerts
- handle Windows CRLF and binary-mode prefix in SHA256SUMS.txt parsing
- exclude SHA256SUMS.txt from release assets
- unify drifted is_excluded_text_line functions
- exclude license/licence code patterns + template-loading license loop
- exclude license/licence, e.a. + fix in CHANGELOG
- anglicise checkout with App token for workflow file pushes
- chore(containerise): add %h to ARG BUILD_DATE
- ci: force Node.js 24 for all GitHub Actions workflows
- chore: update CHANGELOG for v0.5.8
- perf: remove redundant identity setup in anglicise workflow
- Merge pull request #98 from XAOSTECH:anglicise/20260316-032939
- chore: convert American spellings to British English
- exclude license/licence code patterns + template-loading license loop
- exclude license/licence, e.a. + fix in CHANGELOG
- anglicise checkout with App token for workflow file pushes
- perf: remove redundant identity setup in anglicise workflow
- Merge pull request #98 from XAOSTECH:anglicise/20260316-032939
- chore: convert American spellings to British English
- tree-viz overhaul - topo sort, variable spacing, wind slider, clickable nodes, SVG fix, mini SVG - Topological sort (Kahn's algorithm) replaces timestamp sort; merges never appear before their parent commits - Variable row heights: 40px trunk, 80px branches for tighter layout - Dynamic canvas/SVG dimensions derived from actual position data - Wind intensity doubled + range slider (0-500%) for user control - Ctrl+click / middle-click commit nodes opens commit page (repo_url extracted from git remote, SSH auto-converted to HTTPS) - SVG: XML-escaped title attributes (fixes unescaped quote error), branch connection lines (Bézier curves), correct gradient per type - Mini SVG renderer with CSS sway animation for README inline embed - README embed updated: shows mini SVG with links to full SVG/HTML/data - Max-commits default changed to 0 (unlimited); fixed local-outside-fn and duplicate --date flag issues
- add --skip flag to exclude directories from batch update
- add MEMBERS owner guard and interrupted-run recovery
- add --update mode for batch template refresh
- batch mode stash/pull/commit/push lifecycle
- integrate tree-viz generation with 30-commit threshold
- add workflow and template for automated tree generation
- overhaul interactive visualisation with waving leaves and scrollable viewport
- optimise containerise.sh flow for pre-built images
- enhance update workflow with comprehensive maintenance
- add repository update workflow
- add SHA256 checksums for GitHub-generated source archives
- add CodeQL workflow template with auto-detection
- install docs templates to docs/ subdirectory
- add global repoVars.env config for bot credentials
- include (re-release) in same-day CHANGELOG heading
- skip dev-control repo in batch update
- fix staging, licence priority, and pull-fail handling in batch update
- avoid hard fail on missing usb capture device
- ensure/apply automerge label for bot PRs
- drop hardcoded automated PR label
- non-fatal submodule update; fallback branch names
- submodule threshold=0 on manual run, fix subshell bug, stale default 60→10
- limit workflow edits to display text
- preserve analyse IDs; keep UK display text
- github.copilot-chat --> GitHub.copilot-chat
- honour category flag in interactive image selection
- correct Perl regex syntax using curly brace delimiters
- improve anglicise workflow exclusion patterns for license/licence conversion
- strip extensions and customizations from _minimal variant
- leave timezone empty in _minimal variant
- replace user timezone with UTC in _example and _minimal config variants
- extract current version before triggering release
- simplify gh pr create syntax to match anglicise.yml pattern
- quote multiline gh pr create body for dependency updates
- properly quote multiline gh pr create body in update.yml
- resolve YAML syntax errors in workflows
- prune container volumes on --regen to clear stale postCreateCommandMarker
- use nvm default alias in builds
- ensure nvm default path and use LTS for wrangler
- split common tools before categories and restore footer usage
- add nvm to web-dev category for wrangler dependency
- align containerise.sh to use system-wide nvm at /opt/nvm
- dynamic Node/nvm version detection to prevent hardcoded path mismatches
- pin unpinned actions and sanitize user input in workflows
- align bash-lint template with repo version (quote environment variables)
- add git clone installation for projects without packaging.sh + update org to XAOSTECH
- ALWAYS show installation instructions in dev-control workflow
- properly handle projects without packaging.sh in release workflow
- make tarball build conditional on skip_tarball input and packaging.sh existence
- replace CodeQL template with working Advanced Security workflow
- convert multi-line --body args to single-line in workflow templates
- additional YAML syntax errors in workflow templates
- YAML syntax errors in workflow templates
- chore: update git tree visualisation
- move tree-viz to .github/static/ for GitHub Pages hosting
- feature(static.yml): tree viz page
- chore: update git tree visualisation
- tree-viz.yml: fix git add pathspec bug preventing commit
- update.yml: add new_release_threshold to bump version instead of endless re-releases
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore: clean devcontainer extension defaults and minimal profile
- chore: bump actions to Node.js 24, fix anglicise false positives, apply British English fixes
- security: remove untrusted checkout merge path
- Add origin headers and template folder READMEs
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore(dc-init): update workflows and actions
- chore(replace-template): fix syntax
- chore: update CHANGELOG for v0.5.7 (re-release)
- improve: use gcda-style HEAD amendment for serverless
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore(web-dev): adapt comment
- chore(anglicise): licence -> licence + adapt anglicise
- chore(docs): clarify dc-init -> dc-create config flow
- chore(docs): clarify envVars
- chore(docs): move dc-alias to front + fix typo + format
- chore(docs): mention re-releases
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: drop common-tools and align nvm usage
- Revert "fix: add nvm to web-dev category for wrangler dependency"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "refactor: split common template into base and footer"
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: split common template into base and footer
- chore: update CHANGELOG for v0.5.7
- chore(docs): update README
- optimise containerise.sh flow for pre-built images
- enhance update workflow with comprehensive maintenance
- add repository update workflow
- add SHA256 checksums for GitHub-generated source archives
- add CodeQL workflow template with auto-detection
- install docs templates to docs/ subdirectory
- add global repoVars.env config for bot credentials
- limit workflow edits to display text
- preserve analyse IDs; keep UK display text
- github.copilot-chat --> GitHub.copilot-chat
- honour category flag in interactive image selection
- correct Perl regex syntax using curly brace delimiters
- improve anglicise workflow exclusion patterns for license/licence conversion
- strip extensions and customizations from _minimal variant
- leave timezone empty in _minimal variant
- replace user timezone with UTC in _example and _minimal config variants
- extract current version before triggering release
- simplify gh pr create syntax to match anglicise.yml pattern
- quote multiline gh pr create body for dependency updates
- properly quote multiline gh pr create body in update.yml
- resolve YAML syntax errors in workflows
- prune container volumes on --regen to clear stale postCreateCommandMarker
- use nvm default alias in builds
- ensure nvm default path and use LTS for wrangler
- split common tools before categories and restore footer usage
- add nvm to web-dev category for wrangler dependency
- align containerise.sh to use system-wide nvm at /opt/nvm
- dynamic Node/nvm version detection to prevent hardcoded path mismatches
- pin unpinned actions and sanitize user input in workflows
- align bash-lint template with repo version (quote environment variables)
- add git clone installation for projects without packaging.sh + update org to XAOSTECH
- ALWAYS show installation instructions in dev-control workflow
- properly handle projects without packaging.sh in release workflow
- make tarball build conditional on skip_tarball input and packaging.sh existence
- replace CodeQL template with working Advanced Security workflow
- convert multi-line --body args to single-line in workflow templates
- additional YAML syntax errors in workflow templates
- YAML syntax errors in workflow templates
- chore: clean devcontainer extension defaults and minimal profile
- chore: bump actions to Node.js 24, fix anglicise false positives, apply British English fixes
- security: remove untrusted checkout merge path
- Add origin headers and template folder READMEs
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore(dc-init): update workflows and actions
- chore(replace-template): fix syntax
- chore: update CHANGELOG for v0.5.7 (re-release)
- improve: use gcda-style HEAD amendment for serverless
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore(web-dev): adapt comment
- chore(anglicise): licence -> licence + adapt anglicise
- chore(docs): clarify dc-init -> dc-create config flow
- chore(docs): clarify envVars
- chore(docs): move dc-alias to front + fix typo + format
- chore(docs): mention re-releases
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: drop common-tools and align nvm usage
- Revert "fix: add nvm to web-dev category for wrangler dependency"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "refactor: split common template into base and footer"
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: split common template into base and footer
- chore: update CHANGELOG for v0.5.7
- chore(docs): update README
- enhance update workflow with comprehensive maintenance
- add repository update workflow
- add SHA256 checksums for GitHub-generated source archives
- add CodeQL workflow template with auto-detection
- install docs templates to docs/ subdirectory
- add global repoVars.env config for bot credentials
- correct Perl regex syntax using curly brace delimiters
- improve anglicise workflow exclusion patterns for license/licence conversion
- strip extensions and customizations from _minimal variant
- leave timezone empty in _minimal variant
- replace user timezone with UTC in _example and _minimal config variants
- extract current version before triggering release
- simplify gh pr create syntax to match anglicise.yml pattern
- quote multiline gh pr create body for dependency updates
- properly quote multiline gh pr create body in update.yml
- resolve YAML syntax errors in workflows
- prune container volumes on --regen to clear stale postCreateCommandMarker
- use nvm default alias in builds
- ensure nvm default path and use LTS for wrangler
- split common tools before categories and restore footer usage
- add nvm to web-dev category for wrangler dependency
- align containerise.sh to use system-wide nvm at /opt/nvm
- dynamic Node/nvm version detection to prevent hardcoded path mismatches
- pin unpinned actions and sanitize user input in workflows
- align bash-lint template with repo version (quote environment variables)
- add git clone installation for projects without packaging.sh + update org to XAOSTECH
- ALWAYS show installation instructions in dev-control workflow
- properly handle projects without packaging.sh in release workflow
- make tarball build conditional on skip_tarball input and packaging.sh existence
- replace CodeQL template with working Advanced Security workflow
- convert multi-line --body args to single-line in workflow templates
- additional YAML syntax errors in workflow templates
- YAML syntax errors in workflow templates
- chore(dc-init): update workflows and actions
- chore(replace-template): fix syntax
- chore: update CHANGELOG for v0.5.7 (re-release)
- improve: use gcda-style HEAD amendment for serverless
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore(web-dev): adapt comment
- chore(anglicise): licence -> licence + adapt anglicise
- chore(docs): clarify dc-init -> dc-create config flow
- chore(docs): clarify envVars
- chore(docs): move dc-alias to front + fix typo + format
- chore(docs): mention re-releases
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: drop common-tools and align nvm usage
- Revert "fix: add nvm to web-dev category for wrangler dependency"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "refactor: split common template into base and footer"
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: split common template into base and footer
- chore: update CHANGELOG for v0.5.7
- chore(docs): update README
- add SHA256 checksums for GitHub-generated source archives
- add CodeQL workflow template with auto-detection
- install docs templates to docs/ subdirectory
- add global repoVars.env config for bot credentials
- prune container volumes on --regen to clear stale postCreateCommandMarker
- use nvm default alias in builds
- ensure nvm default path and use LTS for wrangler
- split common tools before categories and restore footer usage
- add nvm to web-dev category for wrangler dependency
- align containerise.sh to use system-wide nvm at /opt/nvm
- dynamic Node/nvm version detection to prevent hardcoded path mismatches
- pin unpinned actions and sanitize user input in workflows
- align bash-lint template with repo version (quote environment variables)
- add git clone installation for projects without packaging.sh + update org to XAOSTECH
- ALWAYS show installation instructions in dev-control workflow
- properly handle projects without packaging.sh in release workflow
- make tarball build conditional on skip_tarball input and packaging.sh existence
- replace CodeQL template with working Advanced Security workflow
- convert multi-line --body args to single-line in workflow templates
- additional YAML syntax errors in workflow templates
- YAML syntax errors in workflow templates
- chore(web-dev): adapt comment
- chore(anglicise): licence -> licence + adapt anglicise
- chore(docs): clarify dc-init -> dc-create config flow
- chore(docs): clarify envVars
- chore(docs): move dc-alias to front + fix typo + format
- chore(docs): mention re-releases
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: drop common-tools and align nvm usage
- Revert "fix: add nvm to web-dev category for wrangler dependency"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "refactor: split common template into base and footer"
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: split common template into base and footer
- chore: update CHANGELOG for v0.5.7
- chore(docs): update README
- add SHA256 checksums for GitHub-generated source archives
- add CodeQL workflow template with auto-detection
- install docs templates to docs/ subdirectory
- add global repoVars.env config for bot credentials
- use nvm default alias in builds
- ensure nvm default path and use LTS for wrangler
- split common tools before categories and restore footer usage
- add nvm to web-dev category for wrangler dependency
- align containerise.sh to use system-wide nvm at /opt/nvm
- dynamic Node/nvm version detection to prevent hardcoded path mismatches
- pin unpinned actions and sanitize user input in workflows
- align bash-lint template with repo version (quote environment variables)
- add git clone installation for projects without packaging.sh + update org to XAOSTECH
- ALWAYS show installation instructions in dev-control workflow
- properly handle projects without packaging.sh in release workflow
- make tarball build conditional on skip_tarball input and packaging.sh existence
- replace CodeQL template with working Advanced Security workflow
- convert multi-line --body args to single-line in workflow templates
- additional YAML syntax errors in workflow templates
- YAML syntax errors in workflow templates
- refactor: drop common-tools and align nvm usage
- Revert "fix: add nvm to web-dev category for wrangler dependency"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "chore: update CHANGELOG for v0.5.7 (re-release)"
- Revert "refactor: split common template into base and footer"
- chore: update CHANGELOG for v0.5.7 (re-release)
- chore: update CHANGELOG for v0.5.7 (re-release)
- refactor: split common template into base and footer
- chore: update CHANGELOG for v0.5.7
- chore(docs): update README
- add SHA256 checksums for GitHub-generated source archives
- add CodeQL workflow template with auto-detection
- install docs templates to docs/ subdirectory
- add global repoVars.env config for bot credentials
- align containerise.sh to use system-wide nvm at /opt/nvm
- dynamic Node/nvm version detection to prevent hardcoded path mismatches
- pin unpinned actions and sanitize user input in workflows
- align bash-lint template with repo version (quote environment variables)
- add git clone installation for projects without packaging.sh + update org to XAOSTECH
- ALWAYS show installation instructions in dev-control workflow
- properly handle projects without packaging.sh in release workflow
- make tarball build conditional on skip_tarball input and packaging.sh existence
- replace CodeQL template with working Advanced Security workflow
- convert multi-line --body args to single-line in workflow templates
- additional YAML syntax errors in workflow templates
- YAML syntax errors in workflow templates
- chore(docs): update README
- add fractal git tree visualisation (create-tree.sh)
- add security branch cleanup and --auto-sign flag
- amend security review issues instead of creating duplicates
- add automerge label to security-fix PRs
- SVG info transform arithmetic calculation
- tree-viz JSON escaping and duplicate echo bugs
- tree visualisation - CodeQL schedule, SVG rendering, relative paths
- restore correct variables in PR body template
- remove self-referential env vars and use correct shell syntax
- disable autofix automatic trigger to prevent infinite loop
- autofix script should skip env: sections and revert broken changes
- break up ${{ in env var echo to prevent parser interpretation
- prevent parser from interpreting bash array syntax as expression
- workflow validation errors
- prevent duplicate env sections and inline security script
- prevent duplicate security review issues and fix inverted logic
- trim spaces from expression capture and handle git diff errors
- security-autofix script input handling and consistency
- add env section before run when extracting vulnerable expressions
- remove expression syntax from comment
- remove ellipsis from JSON comment to avoid expression parser error
- use head/tail instead of awk to avoid GitHub Actions expression parsing
- skip PR creation when no files modified
- prevent jq backtick parsing in issue body
- ensure labels exist before PR creation
- send commit payload via gh api input
- send git tree payload via gh api input
- allow workflow_dispatch to bypass workflow_run guard
- build tree JSON properly with jq instead of string concat
- send parents as JSON array in commit API call
- use GitHub API instead of git push for workflow changes
- use create-github-app-token@v2 with all required permissions
- add explicit permission grants for GitHub App token
- remove duplicate env block in bash-lint-advanced.yml
- remove redundant git config - identity action handles this
- use relative path for local identity action
- remove invalid expression syntax from comment
- eliminate ALL multiline strings from workflow YAML
- remove heredoc syntax from workflows - use temp files
- use heredoc syntax for multiline strings in workflows
- remove broken Python code from security-autofix workflow
- chore: update CHANGELOG for v0.5.6 (re-release)
- refactor: replace ludeeus/action-shellcheck with native shellcheck
- chore: update CHANGELOG for v0.5.6
- refactor: replace peter-evans/create-pull-request with gh CLI
- security: fix untrusted-checkout vulnerabilities in automerge workflow
- Merge pull request #91 from XAOSTECH:security/autofix-1771727196
- security: auto-fix CodeQL alerts
- Merge branch 'main' of https://github.com/XAOSTECH/dev-control
- Merge pull request #75 from XAOSTECH:security/autofix-1771725722
- Merge pull request #77 from XAOSTECH:security/autofix-1771725763
- security: auto-fix CodeQL alerts
- security: auto-fix CodeQL alerts
- Merge pull request #71 from XAOSTECH:security/autofix-1771725675
- security: auto-fix CodeQL alerts
- Merge branch 'main' of https://github.com/XAOSTECH/dev-control
- security: replace insecure regex with explicit bot allowlist + label requirement
- Merge pull request #45 from XAOSTECH/security/autofix-1771725086
- security: auto-fix CodeQL alerts
- chore: make security-autofix script executable
- refactor: move complex script to external file to avoid expression parsing issues
- chore: whitespace - trigger workflow reload
- refactor: replace Python with robust shell script for code-injection fixes
- refactor: use Python for robust code-injection vulnerability fixing
- Merge pull request #37 from XAOSTECH:security/autofix-1771640641
- security: auto-fix CodeQL alerts
- debug: add tree JSON inspection output
- sync: update security-autofix template with API approach
- debug: test API write permission
- debug: add token permission check
- sync: update security-autofix template with permission grants
- chore: sync security-autofix template with fixed workflow
- security: fix code injection in central-loader variables
- use GitHub-style merge messages in automerge
- add automated security fix bot workflow
- restore GH_TOKEN to automerge merge step
- use xaostech-security[bot] credentials in security-autofix
- correct shields.io badge parameters and refine anglicise exclusions
- pre-create ~/.devcontainer so postCreateCommand marker can be written
- bust permissions layer cache with BUILD_DATE ARG
- remove --userns=keep-id from runArgs + prune before nest loop
- prune stale vsc-*-uid wrapper images after base build
- Merge remote-tracking branch 'refs/remotes/pr/36'
- chore: convert American spellings to British English
- security: reduce automerge checkout attack surface
- chore: update CHANGELOG for v0.5.5 (re-release)
- security: fix YAML syntax error and pin create-pull-request action
- security: fix code injection in central-loader sed replacements
- security: fix code injection vulnerabilities in workflows
- Update CodeQL Action to v4 with automatic patch management
- Simplify CodeQL to focus on repo languages (JavaScript/YAML only)
- chore: rename codeQL
- Add auto-fix PR creation to bash-lint-advanced with xaostech-security[bot] credentials
- Fix bash-lint-advanced job outputs and create advanced CodeQL security workflow
- Fix CodeQL untrusted-checkout alert: fetch PR head from official repo
- Fix --reauthor to include target commit and detect merge topology
- Add reauthor and force resign options to dc-fix
- Sign automerge merges with xaos-bot
- chore: update CHANGELOG for v0.5.5 (re-release)
- Merge pull request #34 from XAOSTECH/anglicise/20260220-215059
- chore: convert American spellings to British English
- Fix anglicise grep quoting and ignore test-repo
- chore: update CHANGELOG for v0.5.5 (re-release)
- Add defaults-only mode for template loading
- Add app token secret name templating
- Template workflow secret name placeholders
- Add secret name and stability caching to template-loading.sh
- chore: update CHANGELOG for v0.5.5 (re-release)
- Add bot-email input and template-loading integration for bot values
- Replace xaos-bot specific values with placeholders in action template
- chore: update CHANGELOG for v0.5.5 (re-release)
- docs(readme): readability
- chore: update CHANGELOG for v0.5.5
- add automated security fix bot workflow
- use xaostech-security[bot] credentials in security-autofix
- correct shields.io badge parameters and refine anglicise exclusions
- pre-create ~/.devcontainer so postCreateCommand marker can be written
- bust permissions layer cache with BUILD_DATE ARG
- remove --userns=keep-id from runArgs + prune before nest loop
- prune stale vsc-*-uid wrapper images after base build
- security: fix YAML syntax error and pin create-pull-request action
- security: fix code injection in central-loader sed replacements
- security: fix code injection vulnerabilities in workflows
- Update CodeQL Action to v4 with automatic patch management
- Simplify CodeQL to focus on repo languages (JavaScript/YAML only)
- chore: rename codeQL
- Add auto-fix PR creation to bash-lint-advanced with xaostech-security[bot] credentials
- Fix bash-lint-advanced job outputs and create advanced CodeQL security workflow
- Fix CodeQL untrusted-checkout alert: fetch PR head from official repo
- Fix --reauthor to include target commit and detect merge topology
- Add reauthor and force resign options to dc-fix
- Sign automerge merges with xaos-bot
- chore: update CHANGELOG for v0.5.5 (re-release)
- Merge pull request #34 from XAOSTECH/anglicise/20260220-215059
- chore: convert American spellings to British English
- Fix anglicise grep quoting and ignore test-repo
- chore: update CHANGELOG for v0.5.5 (re-release)
- Add defaults-only mode for template loading
- Add app token secret name templating
- Template workflow secret name placeholders
- Add secret name and stability caching to template-loading.sh
- chore: update CHANGELOG for v0.5.5 (re-release)
- Add bot-email input and template-loading integration for bot values
- Replace xaos-bot specific values with placeholders in action template
- chore: update CHANGELOG for v0.5.5 (re-release)
- docs(readme): readability
- chore: update CHANGELOG for v0.5.5
- automate re-release and smart CHANGELOG handling
- auto-generate CHANGELOG.md in release workflow
- extract bot identity into composite action
- attribute bot commits/merges to GitHub App identity
- auto-merge any xaos[bot] PRs without requiring automerge label
- add text replacement workflow
- fix user setup and switch to wget
- remove GPG_TTY literal and conflicting socket bind mount
- pre-create .ssh/.cache/.config in image; restore .gnupg chown in postCreateCommand; add --no-cache to dc-contain --base
- support v-prefixed version input, strip if present
- normalise CHANGELOG blank lines with cat -s after each edit
- add per-tag concurrency and idempotent release creation
- use GITHUB_TOKEN to push tag in dispatch path to prevent re-trigger
- skip GPG re-registration if key already present
- prevent set -e crash in GPG registration step
- use machine user (xaos-bot) identity for GPG signing and git attribution
- use personal PAT (XB_UT) for GPG key registration, fix check logic
- expose GPG key registration failures and attribute release to bot
- generate app token before checkout so credential helper uses app identity
- configure app token remote once at workflow start for all pushes
- remove invalid workflows permission key from release workflow
- workflows permission, app token push, and auto-version for release
- set git identity in Update latest tag step
- correct latest tag creation in release workflow
- apply bot identity and GPG verification to release workflow
- correct bot display name and GPG commit verification
- correct single-quote escaping in anglicise grep patterns
- use perl negative lookahead instead of whole-line filename skip
- use app display name for git user.name instead of ASCII slug
- support --auto-resolve=value and AUTO_RESOLVE=THEIRS in fix-history
- register bot GPG key unconditionally on every workflow run
- use gpg-connect-agent PRESET_PASSPHRASE for correct CI/CD signing
- use absolute PATH and ensure wrapper is accessible in commit step
- replace heredoc with printf for YAML compliance
- create GPG wrapper script for pinentry mode
- simplify GPG signing and remove .git default from exclude paths
- pass GPG environment variables to commit step
- replace heredoc with printf for valid YAML syntax
- implement proper GPG signing with passphrase caching
- add GPG_PINENTRY_MODE=loopback to enable non-interactive signing
- enable GPG signing in CI/CD with loopback pinentry mode
- docs(readme): update command examples
- chore: update CHANGELOG for v0.5.4 (re-release)
- chore: update CHANGELOG for v0.5.4 (re-release)
- chore: update CHANGELOG for v0.5.4 (re-release)
- perf: skip build steps on duplicate run via early release check
- chore: update CHANGELOG for v0.5.4
- refactor: deduplicate commit-fetching into shared gather step
- docs(readme): update intro + usage
- Merge pull request #33 from XAOSTECH/anglicise/20260218-003720
- chore: convert American spellings to British English
- Merge pull request #32 from XAOSTECH/anglicise/20260218-001511
- chore: convert American spellings to British English
- Merge pull request #31 from XAOSTECH/replace/20260217-235313
- refactor: use xxd -p -u for cleaner hex passphrase encoding
- chore: replace text across repository
- chore: update workflows with GitHub App token integration
- chore: change anglicise workflow to run monthly and on-demand only
- docs(security): version
- Devcontainer UID mismatch with
--userns=keep-id:- Added
-u 1000flag tousermodwhen renaming ubuntu user in Dockerfile - Ensures dev-tools user UID matches host UID 1000 from
--userns=keep-idremapping - Fixes "Permission denied" errors on
.gnupg,.ssh,.gitconfigduring container initialisation
- Added
- GPG directory pre-creation removed:
- Removed
.gnupgpre-creation fromfooter.Dockerfileandcontainerise.sh - Let VS Code create
.gnupgduring initialisation with correct user ownership - Prevents permission mismatches when
--userns=keep-idremaps UIDs at runtime
- Removed
- Debugging guide for conditional code paths:
- New lesson documenting how to identify and fix conditional branch issues in generated Dockerfiles
- Explains how layer cache changes prove edits are recognised
- Guidance on tracing which conditional branch executes based on STEP output
0.5.0 - 2026-02-08
-
Containerization modularization complete:
- Extracted category Dockerfile generation to
lib/container.sh - Template files:
common.Dockerfile,footer.Dockerfile, per-category Dockerfiles -
generate_category_dockerfile()function for DRY base image building
- Extracted category Dockerfile generation to
-
Dynamic locale and timezone support:
- Locale and timezone now configurable from user config (not hardcoded)
-
${LOCALE}and${TZ}template variables incommon.Dockerfile - Defaults to
en_US.UTF-8andUTCif not specified
-
npx PATH for MCP servers:
-
ENV PATHset globally incommon.Dockerfilefor Node.js binaries - Firecrawl and other npx-based MCP servers work out-of-the-box
- No shell initialisation required for IDE integrations
-
-
Web-dev category enhancements:
- Wrangler (Cloudflare Workers CLI) installed globally via npm
- Verification step added to confirm Wrangler installation
-
Config variant generation:
-
_exampleand_minimalvariants for tracked reference configs - Personal configs (Dockerfile, devcontainer.json) gitignored
- Tracked variants use placeholder values or omit personal config
-
-
GPG signing restored:
-
postCreateCommandnow creates/run/user/${uid}/gnupgfor socket mount -
.gnupgdirectory permissions fixed (chmod 700, proper ownership) - GPG agent socket properly accessible in containers
-
-
dc-fix auto-push:
- Automatic force-push after signing operations
- Prevents divergent branch issues requiring manual push
- Uses
--force-with-leasefor safety
-
Sed escaping bug:
- Git config commands now properly escape
&characters for sed - Fixes template variable substitution in footer.Dockerfile
- Git config commands now properly escape
-
Locale sed pattern:
- Changed from
/${LOCALE%.*}/to/${LOCALE}/(parameter expansion doesn't work in templates) - Correctly matches
/etc/locale.genentries
- Changed from
- Reduced containerise.sh complexity:
- Line count: 1532 → 1419 (7.4% reduction)
- Duplicate 113-line function removed (now in
lib/container.sh)
- Improved .gitignore handling:
- Personal devcontainer configs excluded from version control
- Tracked reference variants (_example, _minimal) committed
- Code changes: Refactored ~200 lines from monolithic script to modular library
- New functions:
generate_category_dockerfile(): Concatenate templates with variable substitutiongenerate_git_config_dockerfile(): Build git config for Dockerfile RUNgenerate_git_config_postcreate(): Build git config for postCreateCommand
- Template architecture:
common.Dockerfile: Base layer (Ubuntu, tools, locale, nvm, Node.js){category}.Dockerfile: Category-specific installationsfooter.Dockerfile: User setup, dev-control install, git config
- ✓ All existing flows functional (--base, --img, interactive)
- ✓ Legacy interactive mode unchanged
- ✓ Existing .devcontainer configurations work as before
0.4.0 - 2026-02-04
- Multi-category base image support with specialised development environments
- Categories: game-dev, art, data-science, streaming, web-dev, dev-tools
- Feature descriptions and GitHub source references for each category
- Dual-mode operation:
--base --CATEGORY: Build pre-configured category base images--img --CATEGORY: Generate devcontainers from category base images
- GPU acceleration & streaming features:
- CUDA Toolkit 13.1 support with NVIDIA hardware integration
- FFmpeg compilation from source with NVENC/NVDEC hardware encoding
- NGINX-RTMP streaming server integration with SRT protocol support
- ONNX Runtime GPU acceleration for ML inference
- YOLOv8 export and inference capabilities
- Enhanced configuration:
- New options:
use_base_category,base_category,mount_wrangler - Streaming options:
install_cuda,install_ffmpeg,install_nginx_rtmp,install_streaming_utils,enable_nvidia_devices - Configuration via new YAML keys in container configuration files
- New options:
- Improved help & documentation:
- Category descriptions with tools and versions
- Mode-specific usage examples
- GitHub source paths for category base images
containerise.shhelp text completely restructured for multi-category architecture- Configuration loading refactored to support base category selection
- Command-line parsing enhanced with MODE and CATEGORY_FLAG support
- File permission:
containerise.shnow executable (+x)
- Code changes: +1026 lines (1080 insertions, 54 deletions)
- New functions:
generate_category_dockerfile(): Build category base imagesbuild_base_image(): Execute category base image buildsgenerate_image_devcontainer(): Generate devcontainers from base images
- New data structures:
BASE_IMAGE_CATEGORIES[]: Category-to-image mappingsCATEGORY_FEATURES[]: Feature descriptions per categoryCATEGORY_GITHUB_PATHS[]: Source code references
- ✓ Legacy interactive mode fully preserved
- ✓ Existing .devcontainer configurations unaffected
- ✓
--defaultsand--config FILEoptions functional - ✓ Non-category configurations work as before
- Game Development: Godot 4.x + Vulkan SDK + SDL2 + GLFW 3.4 + CUDA
- 3D/2D Art: Krita, GIMP, Inkscape, Blender, ImageMagick
- Data Science: CUDA + FFmpeg + NVIDIA acceleration
- Live Streaming: FFmpeg (NVENC/NVDEC) + NGINX-RTMP + ONNX Runtime
- Web Development: Node.js 25 (nvm) + npm + Wrangler
- General Development: GCC + build-essential + standard compilers
0.3.0 - 2026-01-26
- Licence detection now correctly identifies GPL-3.0 when version number is on a separate line
- Debian package Depends field now properly formatted (comma+space separated)
- Fixed library path in licences.sh (was lib/licence.sh, now lib/git/licence.sh)
- Documentation updated with concise introduction for new users
- README.md restructured for better readability while maintaining template design
0.2.2 - 2026-01-24
- Refactored release workflow to separate template from dev-control-specific workflow
- Converted American spellings to British English
- Expanded exclusions in anglicise workflow for CLI flags and code patterns
1.0.0 - 2025-01-15
- Initial release
- dev-control.sh - main orchestration script
- create-repo.sh - GitHub repository creation
- create-pr.sh - Pull request automation
- template-loading.sh - Template management
- module-nesting.sh - Submodule handling
- fix-history.sh - Git history rewriting
- alias-loading.sh - Shell alias management
- mcp-setup.sh - MCP server configuration
- containerise.sh - Dev container setup
- Shared libraries: common.sh, github.sh, git.sh, signing.sh
- Documentation templates
- GitHub issue/PR templates
- Licence templates (MIT, GPL-3.0, Apache-2.0, BSD-3-Clause)
- Workflow templates for CI/CD
- GPG commit signing support
- SSH key management