v1.1.4

• run Subcommand: Added composer run [-m] [-s] [-F] [-f FILE] [-d] <service> <command...> to run a command inside a Compose service without hand-writing docker exec/docker run. Defaults to docker compose exec <service> <command...>; -m/--manage prepends python manage.py, -s/--shell wraps the command in sh -c, -F/--fresh switches to a one-off docker compose run --rm. TTY is auto-managed (-T added when stdin/stdout aren't a terminal). Implemented as an early argv[1] == "run" intercept in DockerComposeLauncher.run() → handle_run() → DockerComposeMixin.exec_in_service(), with a new SubprocessRunnerMixin.run_command_interactive() (inherited stdio) and DockerComposeMixin.resolve_compose_cli() (one-shot plugin/legacy probe since interactive runs can't inspect captured output). Compose-file resolution extracted to resolve_active_compose_files() and reused; run honors -f/-d. Documented in the main --help epilog and composer run --help.

v1.1.3

• Update-Then-Recreate (-u/--update [service]): -u now pulls the latest image(s) and recreates immediately in one step. With a service name it scopes both the pull and the recreate — composer/cli.py keeps nargs="?"/const=True, DockerComposeLauncher now sets up_service alongside pull_service, and DockerComposeMixin.launch_containers() appends the service to up -d so only that service is recreated (Compose still starts its dependencies; recreate is image/config-change driven, no --force-recreate). Native Compose semantics: dependents aren't auto-restarted unless their own image changed.
• Update-Only (-uo/--update-only [service]): New flag preserving the previous -u behavior — pull (optionally one service) before the normal full up -d startup, without scoping the recreate. Maps to update_images/pull_service without setting up_service.
• Restart (-r/--restart [service]): New flag that runs docker compose restart [service] instead of --down + start, preserving containers so baked-in env vars survive. Added DockerComposeMixin.restart_containers() and a dedicated launcher branch that resolves secrets, restarts, then monitors health (no post-start/migration hooks). RenderingMixin.render() is restart-aware: shows "Restart Services (svc)", hides the Pull/Post-Start rows, and labels a scoped -u recreate as "Start Compose (svc)".

v1.1.2

• Skip Commented-Out Var Refs: required_compose_vars() now strips YAML comments before scanning, so a ${VAR} inside a full-line or trailing # … comment is no longer counted as required. A mid-token # (e.g. url#frag) is preserved, so a real ${VAR} after it still counts. Adds ConfigMixin._COMMENT_RE.

v1.1.1

• Smarter Required-Var Detection: required_compose_vars() no longer produces false "missing variable" failures. It strips $$ escapes before scanning (so shell variables in command/healthcheck scripts like $$attempts are not mistaken for compose interpolations), and subtracts variables the compose already supplies itself — ConfigMixin._compose_env_keys() collects keys an environment: block assigns a concrete literal value to (mapping and list syntax), while bare pass-throughs (- KEY) and interpolated values (KEY: ${KEY}) are still treated as needing a value.

v1.1.0

• Plaintext-First Secrets Resolution (default): Running with no secrets flags now auto-resolves secrets. SecretsMixin.resolve_secrets() searches plaintext env candidates (.env, secrets/.env, .secrets/.env) and uses the first file that satisfies every variable required by the compose (computed via the new ConfigMixin.required_compose_vars(), which parses ${VAR} interpolations and skips those with a :-/-/:+/+ default). If none qualify, it falls back to an encrypted file (secrets.enc, secrets/secrets.enc, .secrets/secrets.enc), prompting for the AGE private key only when one was not supplied via -k/positional/SOPS_AGE_KEY. Added env helpers parse_env_file(), parse_dotenv_text(), apply_env_values() and source helpers plaintext_env_candidates()/encrypted_secrets_path(); DockerComposeLauncher now tracks secrets_source.
• Removed -sd/--skip-decrypt: The skip-decrypt flag is obsolete and fully removed from composer/cli.py, launcher.py, rendering.py, and secrets_manager.py (dropped load_secrets()/load_secrets_from_file() and the dev-mode coupling that forced it). -d/--dev is now purely the two-compose-file override mode and no longer dictates the secrets source.
• Dev Mode Forces Debug: -d/--dev now always turns debug on regardless of the project's DEBUG/DEBUG_STATUS value (or its absence). DockerComposeMixin.sync_runtime_compose_override() injects DEBUG: "True" and DEBUG_STATUS: "True" into every service's environment in the last-applied override file (overriding any compose declaration), build_compose_env() exports DEBUG=True/DEBUG_STATUS=True for ${DEBUG}/${DEBUG_STATUS} interpolation, and the launcher forces the debug_mode UI flag. Both names are added to the injected set so they never count as missing required secrets.
• UI Refresh: Reworked the status panel in RenderingMixin.render() — lighter ━ rules replacing the solid block bars, a bold title, the compose-file list on its own 📂 line, and a secrets-source flag (🔐 DECRYPTED <path> / 🔓 PLAINTEXT <path>) replacing the old ⚠️ BYPASS DECRYPTION indicator. The first step is relabeled Load Secrets and shows the resolved source path.

v1.0.1

• Runtime-Gated Image Publishing: Added scripts/smoke-test.sh, which runs the built image and asserts --version matches the VERSION file, --help exposes the core flags (--down/--purge/--volumes/--update/--build/--encrypt/--decrypt), the bundled age/sops/docker/docker compose binaries are runnable, the keygen entrypoint route emits an AGE key, and an end-to-end age+sops encrypt/decrypt round trip succeeds. .github/workflows/release.yml now builds the amd64 image with load: true and runs the smoke tests before the multi-arch Docker Hub push, so a runtime-broken image can no longer be published. .github/workflows/ci.yml runs the same smoke tests on every push/PR to main.

v1.0.0

• Composer Rebrand: Relaunched under the Composer name, replaced the old Decrypter branding, removed obsolete passphrase-based encryption/decryption support, and improved the modular package structure (composer/ mixins) and single-status-line terminal UI.
• Purge Flag (-p/--purge): Added a --down child flag in composer/cli.py driving a full compose teardown in DockerComposeMixin.down_containers() — appends -v (implies volume removal even without -v), --rmi local to drop built untagged images, and --remove-orphans. Adds DockerComposeMixin.prune_build_cache() running docker builder prune -f for dangling BuildKit cache (not compose-scopeable). Wired through down_volumes/purge on DockerComposeLauncher.
• Tag-Driven Release Pipeline: Added .github/workflows/release.yml triggered by v* tags — verifies the tag matches the VERSION file, builds the multi-arch (linux/amd64,linux/arm64) image with Buildx, pushes debeski/composer:<version> and debeski/composer:latest to Docker Hub, and publishes a GitHub Release using the matching CHANGELOG.md section. Added .github/workflows/ci.yml running compileall + CLI smoke and a no-push Docker build on pushes/PRs to main.
• Changelog Renormalized: Folded the pre-release v1.0.0–v2.0.0 history into the v0.1.x series so the first GitHub-Actions-published image starts a clean v1.0.0.