From 07ba766a4826f5b6e34d127bd131d356ed53eac2 Mon Sep 17 00:00:00 2001 From: Keming He Date: Wed, 23 Jul 2025 23:13:45 -0400 Subject: [PATCH 1/5] docs(readme): improve clarity and add security guidance CHANGES - Clarify problem statement with concrete AI command examples - Add Docker commit hash pinning for production security - Remove redundant sections and sync across README files - Convert diagrams to mobile-friendly lists in dockerhub version IMPACT - Users better understand when to use this tool vs alternatives - Production deployments can audit container contents for security - Consistent messaging across GitHub and Docker Hub --- README-dockerhub.md | 34 ++++++++++++---------------------- README.md | 13 ++++++++----- 2 files changed, 20 insertions(+), 27 deletions(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index 6465af3..4271f8c 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -2,13 +2,18 @@ > README updated on 2025-07-23 by [@KemingHe](https://github.com/KemingHe) -Official docs from `pip`, `poetry`, `uv`, and `conda` + automated weekly updates = zero maintenance overhead for developers using VSCode/Cursor with AI assistants. [[Demo]](https://www.loom.com/share/a80f6041dc374c07b95b2397ee4e8ca1?sid=1209cdce-7239-447e-8b20-49eae454cc9a) +Stop getting out-of-date Python package manager commands from your AI. Cross-reference latest official `pip`, `poetry`, `uv`, and `conda` docs with auto-updates. [[Demo]](https://www.loom.com/share/a80f6041dc374c07b95b2397ee4e8ca1?sid=1209cdce-7239-447e-8b20-49eae454cc9a) ## πŸš€ Quick Start for Agentic IDEs -**1. Pull latest Docker image**: +**1. Pull Docker image**: ```shell +# Pin to specific commit hash for production security +# See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags +docker pull keminghe/py-dep-man-companion:sha256-... + +# Or use latest for development docker pull keminghe/py-dep-man-companion:latest ``` @@ -27,29 +32,14 @@ docker pull keminghe/py-dep-man-companion:latest } ``` -**3. Query official docs directly in your AI chat** - guaranteed fresh from weekly automated updates. +**3. Ask package manager questions** - "How to migrate a `conda` project to `uv`?" and get accurate, current official syntax. ## πŸ”„ Auto-Update Architecture -```plaintext -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ ⏰ Every Tuesday 6pm ET β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ πŸ“š Sync Official Docs β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ πŸ” Rebuild Search Index β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ 🐳 Publish Latest Image β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -``` - -**Zero maintenance**: Documentation automatically synced weekly from official sources. Docker `:latest` tag guarantees you always get current docs without manual updates. +1. ⏰ **Every Tuesday 6pm ET** +2. πŸ“š **Sync Official Docs** +3. πŸ” **Rebuild Search Index** +4. 🐳 **Publish Latest Image** ## 🀝 Contributing diff --git a/README.md b/README.md index fb27970..76e9ffb 100644 --- a/README.md +++ b/README.md @@ -2,13 +2,18 @@ > README updated on 2025-07-23 by [@KemingHe](https://github.com/KemingHe) -Official docs from `pip`, `poetry`, `uv`, and `conda` + automated weekly updates = zero maintenance overhead for developers using VSCode/Cursor with AI assistants. [[Demo]](https://www.loom.com/share/a80f6041dc374c07b95b2397ee4e8ca1?sid=1209cdce-7239-447e-8b20-49eae454cc9a) +Stop getting out-of-date Python package manager commands from your AI. Cross-reference latest official `pip`, `poetry`, `uv`, and `conda` docs with auto-updates. [[Demo]](https://www.loom.com/share/a80f6041dc374c07b95b2397ee4e8ca1?sid=1209cdce-7239-447e-8b20-49eae454cc9a) ## πŸš€ Quick Start for Agentic IDEs -**1. Pull latest Docker image**: +**1. Pull Docker image**: ```shell +# Pin to specific commit hash for production security +# See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags +docker pull keminghe/py-dep-man-companion:sha256-... + +# Or use latest for development docker pull keminghe/py-dep-man-companion:latest ``` @@ -27,7 +32,7 @@ docker pull keminghe/py-dep-man-companion:latest } ``` -**3. Query official docs directly in your AI chat** - guaranteed fresh from weekly automated updates. +**3. Ask package manager questions** - "How to migrate a `conda` project to `uv`?" and get accurate, current official syntax. ## 🀝 Contributing @@ -49,8 +54,6 @@ graph LR INDEX --> DOCKER ``` -**Zero maintenance**: Documentation automatically synced weekly from official sources. Docker `:latest` tag guarantees you always get current docs without manual updates. - ## πŸ—ΊοΈ Roadmap - [ ] Add support for `pipenv`, `pdm`, `pixi` From 14b0d70e21c3cb1519d2b7daadcf7dc4d246e9bf Mon Sep 17 00:00:00 2001 From: Keming He Date: Wed, 23 Jul 2025 23:22:55 -0400 Subject: [PATCH 2/5] docs(README*.md): add concrete example to pin image to commit hash --- README-dockerhub.md | 4 ++-- README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index 4271f8c..17b00f6 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -9,9 +9,9 @@ Stop getting out-of-date Python package manager commands from your AI. Cross-ref **1. Pull Docker image**: ```shell -# Pin to specific commit hash for production security +# Pin to commit hash for production security (2025-07-22 release example) # See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags -docker pull keminghe/py-dep-man-companion:sha256-... +docker pull keminghe/py-dep-man-companion:sha256-2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 # Or use latest for development docker pull keminghe/py-dep-man-companion:latest diff --git a/README.md b/README.md index 76e9ffb..034fcd0 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,9 @@ Stop getting out-of-date Python package manager commands from your AI. Cross-ref **1. Pull Docker image**: ```shell -# Pin to specific commit hash for production security +# Pin to commit hash for production security (2025-07-22 release example) # See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags -docker pull keminghe/py-dep-man-companion:sha256-... +docker pull keminghe/py-dep-man-companion:sha256-2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 # Or use latest for development docker pull keminghe/py-dep-man-companion:latest From 445a0d63fe0d857b31cca859a710e7997d861a02 Mon Sep 17 00:00:00 2001 From: Keming He Date: Wed, 23 Jul 2025 23:32:11 -0400 Subject: [PATCH 3/5] fix(README*.md): correct docker image commit hash tag format --- README-dockerhub.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index 17b00f6..9e2fa7d 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -11,7 +11,7 @@ Stop getting out-of-date Python package manager commands from your AI. Cross-ref ```shell # Pin to commit hash for production security (2025-07-22 release example) # See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags -docker pull keminghe/py-dep-man-companion:sha256-2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 +docker pull keminghe/py-dep-man-companion@sha256:2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 # Or use latest for development docker pull keminghe/py-dep-man-companion:latest diff --git a/README.md b/README.md index 034fcd0..f06101b 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Stop getting out-of-date Python package manager commands from your AI. Cross-ref ```shell # Pin to commit hash for production security (2025-07-22 release example) # See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags -docker pull keminghe/py-dep-man-companion:sha256-2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 +docker pull keminghe/py-dep-man-companion@sha256:2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 # Or use latest for development docker pull keminghe/py-dep-man-companion:latest From e6def25ce9d964628b5260f5aa2eeb902511c0f6 Mon Sep 17 00:00:00 2001 From: Keming He Date: Wed, 23 Jul 2025 23:34:38 -0400 Subject: [PATCH 4/5] docs(REAME*.md): remove excess whitespace --- README-dockerhub.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index 9e2fa7d..a22803f 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -13,7 +13,7 @@ Stop getting out-of-date Python package manager commands from your AI. Cross-ref # See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags docker pull keminghe/py-dep-man-companion@sha256:2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 -# Or use latest for development +# Or use latest for development docker pull keminghe/py-dep-man-companion:latest ``` diff --git a/README.md b/README.md index f06101b..d76fce2 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Stop getting out-of-date Python package manager commands from your AI. Cross-ref # See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags docker pull keminghe/py-dep-man-companion@sha256:2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 -# Or use latest for development +# Or use latest for development docker pull keminghe/py-dep-man-companion:latest ``` From 8a4a3b2c24bdaa52b259bbf5804c2e8aec8042c9 Mon Sep 17 00:00:00 2001 From: Keming He Date: Wed, 23 Jul 2025 23:40:25 -0400 Subject: [PATCH 5/5] docs(README*.md): add action-oriented comments for docker pull --- README-dockerhub.md | 6 +++--- README.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index a22803f..0d1f993 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -9,9 +9,9 @@ Stop getting out-of-date Python package manager commands from your AI. Cross-ref **1. Pull Docker image**: ```shell -# Pin to commit hash for production security (2025-07-22 release example) -# See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags -docker pull keminghe/py-dep-man-companion@sha256:2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 +# Pin to commit hash for production security +# Get current hash from: https://hub.docker.com/r/keminghe/py-dep-man-companion/tags +docker pull keminghe/py-dep-man-companion@sha256:2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 # 2025-07-22 release example # Or use latest for development docker pull keminghe/py-dep-man-companion:latest diff --git a/README.md b/README.md index d76fce2..e35acab 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,9 @@ Stop getting out-of-date Python package manager commands from your AI. Cross-ref **1. Pull Docker image**: ```shell -# Pin to commit hash for production security (2025-07-22 release example) -# See https://hub.docker.com/r/keminghe/py-dep-man-companion/tags -docker pull keminghe/py-dep-man-companion@sha256:2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 +# Pin to commit hash for production security +# Get current hash from: https://hub.docker.com/r/keminghe/py-dep-man-companion/tags +docker pull keminghe/py-dep-man-companion@sha256:2c896dc617e8cd3b1a1956580322b0f0c80d5b6dfd09743d90859d2ef2b71ec6 # 2025-07-22 release example # Or use latest for development docker pull keminghe/py-dep-man-companion:latest