refactor(devcontainer): create dedicated installation scripts

[iplaylf2]

Quick Notes

• Title: Set the PR title to @coderabbitai to have the bot generate one for you.

• Review: The bot reviews PRs by default. To opt out, add the no bot reviewer label.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces dedicated installation scripts for fnm, uv, and shadowenv devcontainer features, shifting from inline installation logic to delegated scripts. It updates workspace container paths from /mnt to /src, adds shadowenv to the spell checker dictionary, and refactors feature manifests.

Changes

Cohort / File(s)	Summary
Spell Checker Dictionary .cspell/third-party-words.txt	Added "shadowenv" entry to recognized third-party words.
Documentation README.md	Updated container workspace path from /mnt/ to /src/.
fnm Feature Refactoring features/fnm/devcontainer-feature.json, features/fnm/install.sh, features/fnm/fnm-install.sh	Shortened feature name to "fnm", extracted installation logic into dedicated fnm-install.sh script, and refactored install.sh to delegate to external script with remote-user handling via su.
shadowenv Feature (New) features/shadowenv/devcontainer-feature.json, features/shadowenv/install.sh, features/shadowenv/shadowenv-register.sh	Added complete shadowenv feature with manifest, binary installation script for multi-architecture support (x86_64 and aarch64), and bash initialization registration.
uv Feature Refactoring features/uv/install.sh, features/uv/uv-install.sh	Extracted installation logic into dedicated uv-install.sh script and refactored install.sh to delegate with improved remote-user handling using id-based checks.
Devcontainer Template projects/.template/.devcontainer/devcontainer.json	Updated default workspace directory from /mnt/${localWorkspaceFolderBasename} to /src/${localWorkspaceFolderBasename}.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• chore(images): remove Node.js image now handled by features #8 — Relates to fnm installation refactoring; both PRs modify how fnm is installed and managed within the devcontainer setup.
• refactor(devcontainer): restructure with project-specific templates #6 — Directly connected; modifies the same feature files (fnm, uv) and devcontainer template workspace configuration.
• refactor(devcontainer): Migrate to template-based project structure #5 — Related through workspace path changes; both PRs update the container's workspace directory configuration.

🚥 Pre-merge checks | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description only contains template boilerplate instructions with no actual content about the changes being made.	Provide a meaningful description explaining the purpose and scope of changes: workspace path migration, script refactoring, feature name updates, and shadowenv addition.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/template/standardize-devcontainer

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🤖 Fix all issues with AI agents

In `@features/fnm/fnm-install.sh`:
- Line 6: Replace the unpinned installer invocation that pipes the remote script
into bash with a pinned release invocation by adding the --release flag and a
specific version (e.g., use the install entry that passes "--release v1.38.1" to
bash); update the command in fnm-install.sh to call the installer with the
--release argument to pin the installer version, and optionally change the flow
to download the release artifact first and verify its checksum/signature before
running the installer for extra supply-chain protection.
- Around line 8-9: The script currently hardcodes fnm_dir to
"$HOME/.local/share/fnm" which ignores FNM_DIR and XDG_DATA_HOME; change logic
in the fnm_dir assignment so it first uses $FNM_DIR if set, else uses
"$XDG_DATA_HOME/fnm" when XDG_DATA_HOME is set, else fall back to the
platform-specific default (on macOS use "$HOME/Library/Application Support/fnm",
otherwise use "$HOME/.local/share/fnm"); ensure the computed fnm_dir is created
(mkdir -p) and then export PATH using the resolved fnm_dir variable (export
PATH="$fnm_dir:$PATH") so the PATH export and directory creation consistently
respect FNM_DIR and XDG_DATA_HOME.

In `@features/shadowenv/install.sh`:
- Around line 24-28: The condition uses $_REMOTE_USER which will cause a failure
under set -u when unset; update the check to defensively default that variable
(e.g., treat it as the current user when unset) before comparing or use
parameter expansion in-place. Locate the block referencing $_REMOTE_USER and
REGISTER_SCRIPT and change it to use a safe fallback like assigning
REMOTE_USER="${_REMOTE_USER:-$(id -un)}" (or using "${_REMOTE_USER:-$(id -un)}"
in the comparison) so the script runs locally if the container runtime didn’t
set _REMOTE_USER.

In `@features/uv/uv-install.sh`:
- Line 6: The installer invocation currently downloads the "latest" script via
curl (curl -LsSf https://astral.sh/uv/install.sh | sh) which is a moving target;
change it to use a version-pinned URL (curl -LsSf
https://astral.sh/uv/<VERSION>/install.sh | sh) and replace <VERSION> with a
specific release (e.g., 0.9.23) so the uv installer is deterministic and not
pulling whatever is published to "latest".
- Line 7: The script currently unconditionally sources "$HOME/.local/bin/env"
(via . "$HOME/.local/bin/env") while set -e is enabled, which will abort if the
file is missing and triggers SC1091; update the uv-install.sh bootstrap to first
test for the file's existence and only source it when present, and when it's
absent set a sensible PATH fallback (e.g., ensure "$HOME/.local/bin" is
prepended to PATH) so the script continues safely and the shellcheck warning is
resolved.